Basics
Vulnerability and vulnerability assessment
What is a vulnerability?
A vulnerability is a flaw or misconfiguration in software, hardware or settings that lets an attacker into a system. A vulnerability assessment searches for these points systematically and rates their risk.
Publicly known vulnerabilities get a globally unique identifier, the CVE number, and a severity score under the CVSS scheme. Both are freely available. Attackers work from the same public sources as auditors do.
The practical lever is installing security updates. Just as important is documenting the systems that fall outside the update process, such as machine controllers or old industry software. Those systems need a conscious decision and protection at the network level.
All terms in the knowledge base
Note: This entry reflects the state of knowledge to the best of our understanding and serves as general orientation. It is not legal advice. What counts is always the version currently in force at the responsible body, for example dsb.gv.at, nis.gv.at or enisa.europa.eu.
From the term to practice
Where does your business actually stand?
The IT Check reviews your IT across 8 audit areas with more than 100 individual checks and delivers documented findings with a prioritised action plan. From 1,299 € excl. VAT. The first call takes 20 minutes and carries no charge.