What, if any, is the difference between a software bug and a software vulnerability?
Wikipedia:
For example, home computers are vulnerable to physical threats like floods and hand grenades, but these are not considered a "bug". In an enterprise environment, these threats are treated more seriously if the risk of the system shutting down is great enough, maybe for air traffic support or nuclear reactor management.
Business continuity planning/disaster recovery and high availability usually deal with physical threats and failures through redundant hardware and by distributing servers to remote locations.
Classification of a software defect (or "bug") can be subjective, since it depends on the intent of the software design and requirements. A feature for a given audience may be interpreted as a vulnerability by another if abused. For example, stackoverflow.com now discloses self-closed questions to those with 10k rep. Some may say it is a vulnerability since it violates the common expectation of ordinary users (like I said, it's a subjective call).
Vulnerability is a subset of bug.
A bug is any defect in a product.
A vulnerability is a bug that manifests as an opportunity for malicious use of the product. Vulnerabilities generally are not that clearly evident, but require ingenuity to be exploited.
From a programming perspective, I believe there is no difference between a bug and a vulnerability. They are both mistakes in the software.
However, from a security perspective, a vulnerability is a class of bugs that can be manipulated in some fashion by a malicious person.
A bug is when a system isn't behaving as it's designed to behave.
A vulnerability is a way of abusing the system (most commonly in a security-related way) - whether that's due to a design fault or an implementation fault. In other words, something can have a vulnerability due to a defective design, even if the implementation of that design is perfect.
A bug is a failure of your system to meet requirements.
Vulnerability is a subset of bug - it is when your system can be forced into a failure mode that does not meet requirements, usually by (ab)using your system (or something your system relies on) in an unexpected way.
Usually a vulnerability may result in failure to meet a requirement in one or more of these areas:
or you can combine the last two:
A bug is the failure of software to meet requirements. I would consider these to be the ideal requirements, so it would make sense to say that there's a bug in the requirements analysis, although that's more debatable.
A vulnerability is a feature, intended or otherwise, that can be exploited maliciously. It is not necessarily a bug, provided that it was deliberate.
To change subjects, it is a vulnerability that my home wireless has a guessable WPA password, but that was a conscious choice, to facilitate use by my guests. That's an example of requirements leading to a vulnerability. If I'd entered a weak password because I didn't know better, that would have been a bug as well as a vulnerability.
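As an added illustration of the distinctions drawn in the answers above (the point that a design fault can be a vulnerability even with a perfect implementation, and the deliberate-weak-password point in the last answer), here is example code that is not from any answer on this page. It shows the same mistake class, a missing check, as (1) a plain bug, (2) an implementation vulnerability, and (3) a design vulnerability whose implementation is exactly to spec. `PUBLIC_ROOT`, the requested paths and the token counter are constructed for the example.

```python
# Added illustration, not code from any of the answers above. PUBLIC_ROOT and
# every input value are constructed for the example.
import posixpath
import secrets


# (1) A bug that is not a vulnerability: the caller gets a wrong total, but no
# input lets anyone cross a trust boundary.
def sum_first_n_buggy(values, n):
    # Intended: the sum of the first n values. Off-by-one: range(n - 1).
    return sum(values[i] for i in range(n - 1))


def sum_first_n_fixed(values, n):
    return sum(values[:n])


# (2) An implementation bug that is a vulnerability. The design says "serve only
# files below PUBLIC_ROOT"; the vulnerable version never enforces that.
PUBLIC_ROOT = "/srv/www/public"  # constructed for the example


def resolve_public_path_vulnerable(requested):
    # normpath collapses "..", so "../../../etc/passwd" escapes the root, and
    # posixpath.join discards PUBLIC_ROOT entirely when `requested` is absolute.
    return posixpath.normpath(posixpath.join(PUBLIC_ROOT, requested))


def resolve_public_path_fixed(requested):
    # Same computation plus the check the design requires: the result must be
    # PUBLIC_ROOT itself or something strictly inside it.
    candidate = posixpath.normpath(posixpath.join(PUBLIC_ROOT, requested))
    if candidate != PUBLIC_ROOT and not candidate.startswith(PUBLIC_ROOT + "/"):
        raise ValueError("path escapes public root: %r" % (requested,))
    return candidate


def is_rejected(requested):
    """True when the fixed resolver refuses the request."""
    try:
        resolve_public_path_fixed(requested)
    except ValueError:
        return True
    return False


# (3) A design vulnerability with a perfect implementation. Spec: "a password
# reset token is the next value of a counter". The code does exactly that, yet
# anyone who has seen two tokens can predict the next one.
class CounterResetTokens:
    def __init__(self, start=1000):
        self._next = start

    def issue(self):
        token = self._next
        self._next += 1
        return token


def predict_next_token(observed):
    # Attacker's view: extrapolate from the last two tokens they obtained.
    a, b = observed[-2], observed[-1]
    return b + (b - a)


def counter_tokens_are_predictable(start=1000):
    tokens = CounterResetTokens(start)
    seen = [tokens.issue(), tokens.issue()]  # resets for accounts the attacker owns
    victim = tokens.issue()                   # the victim's reset token
    return predict_next_token(seen) == victim


class RandomResetTokens:
    # The fix is a design change, not a bug fix: draw tokens from a CSPRNG.
    def issue(self):
        return secrets.token_urlsafe(32)


if __name__ == "__main__":
    print(sum_first_n_buggy([1, 2, 3, 4], 3), sum_first_n_fixed([1, 2, 3, 4], 3))
    print(resolve_public_path_vulnerable("../../../etc/passwd"))
    print(is_rejected("../../../etc/passwd"), is_rejected("css/site.css"))
    print(counter_tokens_are_predictable())
```

Case (1) fails its requirement but gives an attacker nothing; case (2) is fixed by adding the missing check; case (3) cannot be fixed without changing the design, which is the situation the last two answers describe. Note that the path check above works on the path string only; a real file server must also resolve symlinks (for example with `os.path.realpath`) before comparing against the root.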