Practical Internet of Things Security

Vulnerability

Vulnerability is the term we use to identify a weakness in the design, integration, or operation of a system or device. Vulnerabilities are ever present, and countless new ones are discovered every day. Many online databases and web portals now provide us with automated updates on newly discovered vulnerabilities. The following diagram shows the relationships between each of these concepts:

Vulnerabilities may be deficiencies in a device's physical protection (for example, weaknesses in a device's casing that enable it to be easily tampered with), software quality, configuration, and the suitability of communication protocol selection and implementation for its environment. They can include just about anything in the device, from design implementation deficiencies in the hardware (for example, allowing tampering with FPGA or EEPROM), to internal physical architecture and interfaces, the operating system, or applications.

Attackers are well aware of the potential for vulnerabilities. They will typically seek to unearth the vulnerabilities that are easiest, least costly, or fastest to exploit. Malicious hacking drives a for-profit marketplace of its own on the dark web, where malicious hackers value, price, sell, and buy exploits with an expected return on investment (ROI). While a threat represents the potential for an exploit, a vulnerability is the actual target of the threat actor's exploit.