Talk:Vulnerability (computer security)
Page contents not supported in other languages.
 | Security bug was nominated fordeletion.The discussion was closed on3 July 2025 with a consensus tomerge. Its contents weremerged intoVulnerability (computer security). The original page is now a redirect to this page. For the contribution history and old versions of the redirected article, please seeits history; for its talk page, seehere. |
| This is thetalk page for discussing improvements to theVulnerability (computer security) article. This isnot a forum for general discussion of the subject of the article. |
Article policies |
| Find sources: Google (books ·news ·scholar ·free images ·WP refs) ·FENS ·JSTOR ·TWL |
 | This article is ratedB-class on Wikipedia'scontent assessment scale. It is of interest to the followingWikiProjects: | |||||||||||||||||||||
| ||||||||||||||||||||||
 | Tip: Anchors arecase-sensitive in most browsers. This article containsbroken links to one or more targetanchors:
The anchors may have been removed, renamed, or are no longer valid. Please fix them by following the link above, checking thepage history of the target pages, or updating the links. Remove this template after the problem is fixed |Report an error |
I think this is a good idea -- the Software security vulnerability article can be used as part of the Vulnerability article.
I am curious, doesn't vulnerability need to say that its "vulnerable to" something? for example, we don't say that "New Orleans is vulnerable." We might say that "New Orleans has a high vulnerability to a Force 5 hurricane" but could we just say that the "New Orleans Levees have high vulnerabilities to hurricanes" I don't think so since they really were only vulnerable to level 5 and higher. There needs to be a force against. Or a Threat... in fact more specifically, there needs to be a specific amount of threat. Like FORCE 5 hurricanes. In computing, vendors have erroneously stated that a server has a high vulnerability... but often without regard to what amount threat. My server has almost no vulnerabilities if my threat agent is a four-year-old girl. But a skilled, malicious hacker sponsored by a terrorist state might make Swiss cheese of my server. Did my vulnerability just change based on the threat agent's capabilities? I think it did. Maybe we should consider adding something that states that vendors of security products typically over-generalize the acting threat agents... or do they even consider them? -- Anonymous
There are computer vulnerabilities, network vulnerabilities, application vulnerabilities ... each layer of the network stack is subject to attacks based on the properties of that layer. Like saying New Orleans is vulnerable to weather, famine, disease ...Tanjstaffl(talk)00:26, 19 April 2007 (UTC)[reply]
Kernel.package (talk)21:30, 27 December 2010 (UTC)[reply]
Vulnerability to poverty is a measure which describes the greater probability to certain communities or individuals of becoming poor or remaining poor in the coming yearsEdwin saji 83 (talk)23:49, 5 December 2018 (UTC)[reply]
Vulnerability is determined by the options available to different communities for finding an alternative living in terms of assets, education, health and job opportunitiesEdwin saji 83 (talk)23:57, 5 December 2018 (UTC)[reply]
I think the section on full disclosure starts out good, showing a balanced view of the topic, but then takes a biased point of view, I myself am generally considered an expert in the security arena that the public listens to and I don't fully agree with full disclosure, its a complicated issue, it should be discussed by all means but the sentence that reads "From the security perspective, only a free and public disclosure can ensure that all interested parties get the relevant information. Security through obscurity is a concept that most experts consider unreliable." onward takes a biased view point on the issue, there are pros and cons to both sides and wikipedia shouldnt be taking sides on this or any contravercial issue --Michael Lynn23:39, 20 March 2007 (UTC)[reply]
it bugs me to see so many links to commercial products here, its not representative of the whole market and even if it was, this is not an advertising venue, its an encyclopedia, can we clean up that garbage? --Michael Lynn22:14, 13 April 2007 (UTC)[reply]
The first paragraph seems to have been plagiarized fromhttp://www.techcert.lk/index.php?option=com_content&task=view&id=5&Itemid=33 so I have removed it. --Waldo (talk)
I removed this; it was reverted. Fair enough. But I hope that a good reference will be added soon, or I'll remove it again.
Memory allocation bugs are a big source of vulnerabilities. But who calls memory allocation a vulnerability? Likewise, people screw up all the time with pointers. But I've never heard the pointers themselves called "a vulnerability." A potentialsource of vulnerabilities, sure.
Now, it's entirely possible that during my existence I've just completely missed this use of terminology. If it is in fact used in practice, please add a reliable reference. Thanks,WalterGR (talk |contributions)01:18, 18 March 2008 (UTC)[reply]
This article has been tagged for a long time. Are there still active disputes? If so, let's address them. If not, or no one cares, let's delete any problematic sections of the article, and remove the tags. --Elonka04:39, 3 August 2008 (UTC)[reply]
See my comments onTalk:Zero-day attack --AlastairIrvine (talk)17:58, 10 April 2014 (UTC)[reply]
Peripheral devices vulnerabilities are well known threat for number of years , articles published by number of Universities , Forbes , Checkmarx , Mashable , Android Authority and dozens of other sites.
Hello fellow Wikipedians,
I have just added archive links to 2 external links onVulnerability (computing). Please take a moment to reviewmy edit. If necessary, add{{cbignore}} after the link to keep me from modifying it. Alternatively, you can add{{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
When you have finished reviewing my changes, please set thechecked parameter below totrue to let others know.
This message was posted before February 2018.After February 2018, "External links modified" talk page sections are no longer generated or monitored byInternetArchiveBot. No special action is required regarding these talk page notices, other thanregular verification using the archive tool instructions below. Editorshave permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see theRfC before doing mass systematic removals. This message is updated dynamically through the template{{source check}}(last update: 5 June 2024).
Cheers.—cyberbot IITalk to my owner:Online09:35, 9 January 2016 (UTC)[reply]
Hello fellow Wikipedians,
I have just modified one external link onVulnerability (computing). Please take a moment to reviewmy edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visitthis simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.After February 2018, "External links modified" talk page sections are no longer generated or monitored byInternetArchiveBot. No special action is required regarding these talk page notices, other thanregular verification using the archive tool instructions below. Editorshave permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see theRfC before doing mass systematic removals. This message is updated dynamically through the template{{source check}}(last update: 5 June 2024).
Cheers.—InternetArchiveBot(Report bug)16:19, 24 December 2017 (UTC)[reply]
The sentence "Vulnerabilities are the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw" was simply wrong. Removed. All definitions provided in this article are correct, while the sentence is correct for a (security) breach, not for a vulnerability. There is already the same comment here in the talk page.Truman (talk)13:54, 10 May 2018 (UTC)[reply]
 | Thisedit request by an editor with a conflict of interest has now been answered. |
Please replace the content of the article withUser:Buidhe paid/Vulnerability (computing). Reason: Improve content + sourcing, add new sections on such topics as vulnerability management, lifecycle, assessment, and legal issues. Thanks!Buidhe paid (talk)23:56, 3 May 2024 (UTC)[reply]
Done v/r -Seawolf35T--C13:23, 9 May 2024 (UTC)[reply]Summary of changes as a result of the Wiki99 project (before,after,diff):
Future steps for other editors to consider:
Buidhe paid (talk)19:33, 10 May 2024 (UTC)[reply]
I propose mergingSecurity bug intoVulnerability (computer security). Both terms are synonymous. The former sounds like aneologism and has considerably less content.HourWatch (talk)14:47, 26 May 2025 (UTC)[reply]
