There is the neverending discussion about what a security vulnerability is. Our definition is very simple and guarantees the basic principle in handling all our entries:

It is possible to use a product in a way that it is not supposed to be and this activity violates principles of confidentiality, integrity or availability.
Usually whenever we are able to assign a CWE to an issue, we declare it as a potential security vulnerability. The level of popularity of an attack, pre-requisites or risk levels do not influence this decision to declare something a vulnerability in any way. The less severe terms might be weaknesses or flaws.

Do you need the next level of professionalism?

Upgrade your account now!