Adam Shostack  1d ago

Please nitpick the following (or suggest an authority, such as NIST or CISA )

A vulnerability is a weakness that can be exploited to gain some goal or milestone for an attacker, such as the ability to run code. Vulnerabilities are usually bugs which get patched, and weaknesses are a broader set that includes susceptibility to threats. Code which demonstrates that a vulnerability is exploitable is called “proof-of-concept” or PoC. A PoC may be developed into an exploit, which is code that actually achieves that goal. Weaponized exploit code has been made production-ready with reliability or integration into some attack framework. The attackers may be not be malicious, for example external researchers or penetration testers.

Show threadAlerta! Alerta!1d ago
@adamshostack Is a vulnerability something that benefits the attacker? Or something that hurts the attacked? (and being the IP-source of an attack on someone else *is* hurting the attacked)
Show threadAdam Shostack  1d ago
@heiglandreas I think that in this context, the vulnerability is a more specific concept than the wider English term.
Show threadAlerta! Alerta!

@adamshostack I know. I was asking myself that question every time I answer Bug-Bounty reports.

NIST defines it quite well in https://nvd.nist.gov/vuln - but that definition focuses on the attacked party and the impact on them.

Which is why I asked....

NVD - Vulnerabilities

Apr 4 at 8:09pmWeb
Show threadAdam Shostack  1d ago
@heiglandreas Yeah, I looked at that, and frankly, respond really negatively to "a negative impact to confidentiality, integrity, or availability" ; I've never found C/I/A to be that useful around RCE
Show threadAlerta! Alerta!1d ago

@adamshostack well does RCE not negatively influence integrity and confidentiality?

I mean... when someone can execurlte anything on a server, then integrity is compromised and confidentiality can't be guaranteed... 🤷

Show threadAdam Shostack  1d ago
@heiglandreas It absolutely does, but in a nuanced way that's far less salient than say, "pwned."