Vulnerability (computer science)

: For other uses of the word Vulnerability, please refer to vulnerability.

In computer security, the word vulnerability refers to a weakness or other opening in a system. Vulnerabilities may result from computer bugs or design flaws in the system. A vulnerability can exist only in theory, or it can have a known exploit. Vulnerabilities are of significant interest when the program containing the vulnerability operates with special privileges, performs authentication or provides easy access to user data or facilities (such as a network server or RDBMS).

=Causes=

Vulnerabilities often result from the carelessness of a programmer, though they may have other causes. A vulnerability usually allows an attacker to trick the application into injecting data into its back end, execute commands on the system hosting the application, or use a flaw which allows unintended access to memory to execute code with the privileges of the program. Some vulnerabilities arise from un-sanitized user input, often allowing the direct execution of commands or SQL statements (known as SQL injection), while others arise from more complex problems, such as unchecked buffers which can be overflowed so that code may be executed on the stack.

=Vulnerability Disclosure=

The method of disclosing vulnerabilities is a topic of debate in the computer security community. Some advocate immediate full disclosure of information about vulnerabilities once they are discovered. Others argue for limiting disclosure to the users placed at greatest risk, and only releasing full details after a delay, if ever. Such delays may allow those notified to fix the problem by developing and applying patches, but may also increase the risk to those not privy to full details. Such debates have a long history in security; see full disclosure and security through obscurity.

=Identifying and removing vulnerabilities=

Several tools exist that can aid in the discovery of vulnerabilities in a system. Though these tools can provide an auditor with a good overview of possible vulnerabilities present on a network, they cannot substitute for the human element in vulnerability assessment. Vulnerability scanners can provide value in conjunction with an audit, but relying solely on scanners will mean false positives and a limited-scope view of the problems present in the infrastructure.

If one is concerned about the privacy and integrity of their system, they should take care to constantly apply patches and use tools which help mitigate the exploitation of vulnerabilities. Vulnerabilities have been found in every major OS, including Windows, MacOS, various forms of UNIX and Linux, and OpenVMS. Since security is an ongoing process, the only way to reduce the chance of a vulnerability being used against a system is constant vigilance.

=Examples of vulnerabilities=

Well known vulnerabilities include (but are not limited to):

  • stack smashing and other buffer overflows
  • symlink races
  • data validation errors, such as:
      • format string bugs
      • improperly handling Unix shell metacharacters so they are interpreted
      • SQL injection
      • cross-site scripting (in web applications)
      • directory traversal
  • time-of-check-to-time-of-use race conditions

=See also=

  • Exploit (computer science)
  • computer security

=External links=

  • [http://www.frsirt.com/english/ Security Advisories] from the French Security Incident Response Team (formerly FrSIRT)
  • [http://www.osvdb.org/ Open Source Vulnerability Database homepage]
  • [http://www.securityfocus.com/bid Security Focus Vulns Archive]
  • [http://www.packetstormsecurity.org/ Packet Storm (vulnerability and tool archives)]
  • [http://samate.nist.gov/ NIST Software Assurance Metrics and Tool Evaluation (SAMATE) project]