The dictionary defines a vulnerability as “the quality or state of being exposed to the possibility of being attacked or harmed.” Wikipedia defines a security vulnerability as “a weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.” Vulnerability is a very broad term. Yet, somehow, in infosec, we’ve come to narrowly associate a vulnerability with unpatched software and misconfigurations.
