Vulnerability (computer science)
In computer security, the word vulnerability refers to a weakness or other opening in a system. Vulnerabilities may result from bugs or design flaws in the system. A vulnerability may exist only in theory, or it may have a known exploit.
The method of disclosing vulnerabilities is a topic of debate in the computer security community. Some advocate immediate full disclosure of information about vulnerabilities once they are discovered. Others argue for limiting disclosure to the users placed at greatest risk, and only releasing full details after a delay, if ever. Such delays may allow those notified to fix the problem by developing and applying patches, but may also increase the risk to those not privy to full details. Such debates have a long history in security; see full disclosure and security through obscurity.
Several tools exist that can aid in the discovery of vulnerabilities in a system. Examples of these include Nessus and Internet Scanner from Internet Security Systems.
If one is concerned about the privacy and integrity of one's corporate IT environment, it may be preferable to avoid operating systems such as Windows, Linux and Unix, and instead choose a server platform which is inherently strong in security and which was designed from the ground up to be bullet-proof, such as OpenVMS from Hewlett Packard, which, because of its lack of vulnerabilities, is used in most major stock exchanges throughout the world.
External links
- K-OTik Security Advisories and Vulnerabilities
- Open Source Vulnerability Database homepage
- Security Focus Vulns Archive