What we really mean when we talk about 'vulnerability'

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
[Figure: a diagram illustrating what we are *really* looking for when we try to find vulnerabilities in various codebases, seen from both the LangSec model (unexpected states, circle on the left) and the data-flow model (tainted data flows, circle on the right).]

In a word:

The program or automaton (the "weird machine") somehow, eventually, gets into an unexpected state by itself, through at least one unexpected state transition that is caused by a user-crafted data flow.


This is a purely technical viewpoint and has nothing to do with the so-called branches or categories of "security" (such as OpSec, reverse engineering, forensics without exploitation, unauthorized access, and the like).

The point here is whether there is any *unexpected* and exploitable behavior in the target *itself*.
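As an added illustration of the definition above (example code written for this edit, not from the original post), the following Python models a tiny length-prefixed message processor as an automaton. The naive version trusts a user-controlled length field taken straight from the input and can be steered into a state its designer never listed; the LangSec-style version recognises the whole input language before any processing happens, so the automaton only ever sees inputs it was designed for. The message format, the state names and the sample inputs are all constructed for this example.

```python
"""Toy "weird machine": a length-prefixed message processor whose state
can be pushed somewhere its designer never intended by a tainted length
field, next to a LangSec-style version that recognises the input first.

Message format assumed here (constructed, not any real protocol):
    <decimal length>:<payload>     e.g. b"5:hello"
Designer's invariant: len(payload) == declared length.
"""
import re

# The only states the designer expected the processor to visit.
EXPECTED_STATES = {"start", "read_length", "read_payload", "done", "rejected"}


def process_naive(msg: bytes) -> list:
    """Shotgun-parse the message: trust the length field from the input
    (tainted data) and return the sequence of states visited. Any state
    name outside EXPECTED_STATES is an unexpected state."""
    trace = ["start"]
    head, sep, rest = msg.partition(b":")
    if not sep:
        trace.append("rejected")
        return trace
    trace.append("read_length")
    length = int(head)        # tainted: int(b"-3") == -3 is silently accepted
    payload = rest[:length]   # negative or oversized slices "work" in Python
    trace.append("read_payload")
    if len(payload) != length:
        # The invariant is broken: the crafted input has driven the
        # automaton into a state that exists only because of that input.
        trace.append("weird:length_mismatch")
        return trace
    trace.append("done")
    return trace


# LangSec-style recognizer: the whole input language as a regular grammar.
# Non-negative decimal digits, one colon, then the payload (checked below
# for exact length). In a bytes pattern \d matches ASCII digits only.
_MESSAGE = re.compile(rb"\A(\d+):(.*)\Z", re.DOTALL)


def recognise(msg: bytes):
    """Return (length, payload) only if msg is exactly a well-formed
    message; otherwise return None. Nothing is processed before this."""
    m = _MESSAGE.match(msg)
    if m is None:
        return None
    length = int(m.group(1))
    payload = m.group(2)
    if len(payload) != length:   # the grammar demands the exact length
        return None
    return length, payload


def process_validated(msg: bytes) -> list:
    """Recognise first, then process: the automaton only sees inputs in
    the language, so there is no path to an unexpected state."""
    trace = ["start"]
    if recognise(msg) is None:
        trace.append("rejected")
        return trace
    trace += ["read_length", "read_payload", "done"]
    return trace


def reached_unexpected_state(trace: list) -> bool:
    """The post's definition in code: did any visited state fall outside
    the set the designer expected?"""
    return any(state not in EXPECTED_STATES for state in trace)


if __name__ == "__main__":
    # Constructed inputs: one well-formed, three crafted.
    for sample in (b"5:hello", b"-3:hello", b"99:hi", b"5:helloworld"):
        print(sample, process_naive(sample), process_validated(sample))
```

Running it shows the two halves of the definition side by side: `b"-3:hello"` and `b"99:hi"` push the naive processor into `weird:length_mismatch`, a state the designer never wrote down, purely because a user-controlled value flowed into the length check. `b"5:helloworld"` is subtler: the naive processor ends in `done` while silently ignoring trailing bytes, so it accepts input outside the intended grammar without any visible weird state, which is exactly the kind of parser disagreement LangSec warns about. The validated processor rejects all three before its state machine moves.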

Just my humble opinion, feel free to correct me.
