Defense & Operations
Vulnerability Assessment
Also known as: VA, Vulnerability review
Definition
A systematic review of an environment to identify, classify, and prioritize security weaknesses, typically without active exploitation.
Examples
- A quarterly internal vulnerability assessment that produces a ranked remediation backlog for IT operations.
- A pre-deployment assessment of a new SaaS tenant against the CIS Benchmarks.
Related terms
Vulnerability Scanning
An automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.
Penetration Testing
An authorized, simulated cyberattack against systems, applications, or people to identify exploitable weaknesses before real adversaries do.
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.
CVSS (Common Vulnerability Scoring System)
An open framework, maintained by FIRST, that produces a 0–10 severity score for a vulnerability based on its exploitation characteristics and impact.
Attack Surface Management (ASM)
Continuous discovery, inventory, classification, and monitoring of all assets that expose an organization to potential cyberattack.
Security Posture
Security Posture — definition coming soon.