A vulnerability is a bug, flaw, or state of exposure that leads to a critical attack by a hacker.
Vulnerability research is the process by which security flaws in technology are identified. Vulnerability research does not always involve reverse engineering, code analysis, etc. Performing vulnerability research against technology pre-release enables technology vendors to provide their customers with higher quality products and higher levels of trust and security.
Vulnerability analysis is the process of defining, identifying, classifying, and prioritizing vulnerabilities in computer systems, applications, or network infrastructure. This phase allows the organization to perform security assessments with the necessary knowledge, awareness, and risk background to understand the threats and react appropriately.
Attackers perform vulnerability analysis to identify security loopholes in the target organization’s network or communication infrastructure. Attackers take advantage of identified vulnerabilities to perform further exploitation of that target network.
The vulnerability scanner (software) compares details about the target attack surface to a database of information about known security vulnerabilities in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts.
CVE is a dictionary of standardized identifiers for common software vulnerabilities and exposures. CVE IDs (e.g., CVE-2018-1002100), which are assigned by CVE Numbering Authorities from around the world, ensure confidence when used to share information about a unique software or firmware vulnerability, provide a baseline for tool evaluation, and enable data exchange. CVE IDs act as a benchmark for evaluating security services.
CVSS is a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. Its quantitative model ensures accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities. CVSS assessment consists of three metrics for measuring vulnerabilities.
Each metric sets a score from 1-10, ten being the most severe. A CVSS score is calculated and generated by a vector string, which represents the numerical score for each group in the form of a block of text. The CVSS calculator was developed to rank security vulnerabilities and provide the user with the overall severity and risk related to the vulnerability.