A threat is anything (a malicious external attacker, an internal user, a system instability, etc.) that may harm the assets owned by an application (resources of value, such as the data in a database or in the file system) by exploiting a vulnerability.
What is a vulnerability?
A vulnerability is a flaw or weakness in a system’s design, implementation, operation or management that could be exploited to compromise the system’s security objectives.
What is the difference between a risk, a threat and a vulnerability?
A threat is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability. A vulnerability is a weakness. It can be a weakness in the hardware, software, configuration, or users operating the system. A risk is the possibility of a threat exploiting a vulnerability and resulting in a loss. Risk mitigation […]