Security, whether focused on physical, cyber, operational, or other domains, is an interesting topic that lends itself to considerable debate among practitioners. There are, however, basic concepts and underpinnings that pervade general security theory. Among the most important, yet often misunderstood, are the inextricably entwined concepts of vulnerabilities and exploits. These basic underpinnings are critical in all security domains.
What are exploits and vulnerabilities and why are they important to the study of security?
First, security cannot be considered a binary concept such as “secure” or “not secure”. The appropriateness of any security strategy is relative to the controls implemented to address identified risks. One cannot say: “my house is secure”. The measure of security is predicated upon the identified risks and the associated controls implemented to address those risks. One can say: “…