Ambrose Bierce defined 'history' as 'a record of mistakes made in the past, so we shall know when we make them again.' Although sardonic, his definition describes the state of affairs of computer system vulnerabilities. A 'vulnerable state' is 'any state which enables a user to read information without authorization, modify information without authorization, or grant or deny an entity access to a resource without authorization.' 'Exploiting a vulnerability' means that a system is in a vulnerable state and a user (called an attacker) reads or writes the information without authorization, or grants or denies service to another without authorization. In both these definitions, 'without authorization' means 'in violation of the system's security policy.' A 'vulnerability' (also called a 'flaw' or a 'hole') is the property of the system, its attendant software and/or hardware, or its administrative procedures, that causes it to enter a vulnerable state.