Vulnerability

A vulnerability is a weakness or issue within a system, software, or application that could be exploited by a malicious party or hacker to gain unauthorized access to an organization. For vulnerabilities in commercial products, there is a system maintained by the MITRE corporation that is known as the Common Vulnerability and Exposure (CVE) system, in which a unique number is assigned to each CVE based upon timing of the discovery within a year. Whether vulnerabilities occur in the custom software an organization has created or in the commercial products they use, organizations almost always have far more vulnerabilities that need to be addressed than they can address in a timely manner, which is why there has been growing interest in risk-based vulnerability management.