Introduction to software vulnerabilities

According to MITRE’s CVE Terminology, a vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network; in other words, a state in a computing system which either:

  • Allows an attacker to execute commands as another user.
  • Allows an attacker to access data that is contrary to the specified access restrictions for that data.
  • Allows an attacker to pose as another entity.
  • Allows an attacker to conduct a denial of service.

Life cycle

The vulnerability life cycle consists of four events:

  • Discovery date. Somebody discovers that the vulnerability exists.
  • Disclosure date. A trusted security organization or the vulnerable software producer discloses the existence of the vulnerability.
  • Exploit date. Somebody creates an attack which exploits the vulnerability.
  • Patch date. The vulnerable software producer provides a solution or patch to protect the system.

Not all four events need to occur, and they need not occur in this order. A vulnerability can be exploited with no previous disclosure, or patched without ever having been exploited.
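The following is an added example, not part of the original post, that models the four life-cycle events above as optional dates and derives two defender-relevant facts from them: whether an exploit appeared before any disclosure, and for how many days an exploit existed without a patch. All dates and the `today` reference point are constructed sample values.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class VulnLifecycle:
    """The four life-cycle events; any of them may be absent (None)."""
    discovery: Optional[date] = None
    disclosure: Optional[date] = None
    exploit: Optional[date] = None
    patch: Optional[date] = None

    def events(self) -> List[str]:
        """Names of the events that actually occurred, in chronological order."""
        known = [(name, when) for name, when in (
            ("discovery", self.discovery), ("disclosure", self.disclosure),
            ("exploit", self.exploit), ("patch", self.patch)) if when is not None]
        return [name for name, _ in sorted(known, key=lambda item: item[1])]

    def exploited_before_disclosure(self) -> bool:
        """True when an exploit exists and no disclosure preceded it
        (the 'exploited with no previous disclosure' case)."""
        if self.exploit is None:
            return False
        return self.disclosure is None or self.exploit < self.disclosure

    def exposure_days(self, today: date) -> Optional[int]:
        """Days an exploit existed with no patch available.

        None when no exploit is known. If the system is still unpatched,
        the window is open and counted up to `today`. A patch that predates
        the exploit yields 0 (patched with no previous exploit)."""
        if self.exploit is None:
            return None
        end = self.patch if self.patch is not None else today
        return max(0, (end - self.exploit).days)


# Constructed sample timelines (not real vulnerabilities).
ZERO_DAY = VulnLifecycle(discovery=date(2023, 1, 10), exploit=date(2023, 1, 20),
                         disclosure=date(2023, 2, 1), patch=date(2023, 2, 15))
PATCHED_FIRST = VulnLifecycle(discovery=date(2023, 1, 10),
                              disclosure=date(2023, 2, 1), patch=date(2023, 3, 1))
STILL_OPEN = VulnLifecycle(exploit=date(2023, 5, 1))
```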

Vulnerability databases

Several databases store relevant data about vulnerabilities. Some examples are:
