From DisruptSV
Jump to: navigation, search

A vulnerability is a shortcoming in a service, either inherent or contextual.

Vulnerabilities can take many forms:

  • Product flaws that impact users.
  • Missing features with significant user demand.
  • Operational abuse or alienation of noteworthy slices of the user population.

A vulnerability may or may not be exploitable; when analyzing vulnerabilities, list them all regardless, and leave the matter of exploitability to the action plan writers.