Security flaw

From Clinfowiki
Revision as of 01:51, 7 April 2015 by Rorr (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Security flaws can be a weakness or vulnerability in the design of an application or within the procedures in using an application. This type of weakness allows attackers to comprise the integrity, availability and confidentiality of a system.[1] Also a security flaw can be a known or an unknown flaw. With known security flaws it may be possible to create procedures to mitigate those know weaknesses. With unknown security flaws one may not realize there is a weakness until that weakness has been exploited. An example would be a Zero day attack vulnerability which means no-one has seen that method of attack until it occurs.

Security flaws can be related to:

  • Security measures within the organization (Policies not requiring dual control)
  • Physical environment of the system (Secure access to the server room)
  • Hardware (No alternate power supply)
  • Software design (Programming error)
  • Communication (Not encrypted)
  • Business operations (Incomplete written procedures)
  • Administration procedures (Too many employees with administrative authority)


  1. Definition of a Security Vulnerability.