The definition is taken from the Internet Engineering Task Force's RFC 4949, Internet Security Glossary, Version 2, which defines vulnerability as "A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy."