Basics

Vulnerability and vulnerability assessment

What is a vulnerability?

A vulnerability is a flaw or misconfiguration in software, hardware or settings that lets an attacker into a system. A vulnerability assessment searches for these points systematically and rates their risk.

Publicly known vulnerabilities get a globally unique identifier, the CVE number, and a severity score under the CVSS scheme. Both are freely available. Attackers work from the same public sources as auditors do.

The practical lever is installing security updates. Just as important is documenting the systems that fall outside the update process, such as machine controllers or old industry software. Those systems need a conscious decision and protection at the network level.

All terms in the knowledge base

From the term to practice

Where does your business actually stand?

The IT Check reviews your IT across 8 audit areas with more than 100 individual checks and delivers documented findings with a prioritised action plan. From 1,299 € excl. VAT. The first call takes 20 minutes and carries no charge.

Book a first call