Understanding Security Terminology
By Robert Cott
One of the biggest concerns when an exploit is released in the “wild” is understanding precisely the implications and the extent of this new form of attack.
Normally, those classifications are clearly defined in bulletins, notes, forums, etc. But the question then arises: defined for whom, for everybody or for security professionals only?
People often don’t realize that terminology used to define things and actions can be perfectly clear to some and completely “Chinese” to the rest of the population. On that basis, we can compile some standard definitions for security threat implications; since there is “nothing new under the sun”, some of them are reproduced from the Microsoft site.
Term Definitions:
Vulnerability - Software, hardware, a procedural weakness, a feature, or a configuration that could be a weak point exploited during an attack. This is also called an “exposure”.
Attack - A threat agent attempting to take advantage of vulnerabilities for unwelcome purposes.
Countermeasure - Software configurations, hardware or procedures that reduce risk in a computer environment. Also called a safeguard or mitigation.
Threat Agent - The person or process attacking a system through a vulnerability in a way that violates your security policy.
Vulnerabilities - Various ways through which software could become vulnerable to attack.
Well folks, that’s all for now; as “StarGate SG-1” would say, “We are trying to protect the servers one chapter at a time.”
The next chapter will be Software Vulnerabilities Terms and Definitions. Please “Dial the Gate” now.