Exploits, Malware, and Incidents
Any discussion of vulnerabilities would be incomplete without also discussing exploits, malware, and incidents. These terms are closely related to vulnerabilities, but they are not the same thing.
Exploit
An exploit is software that uses a vulnerability to achieve some effect. Sometimes the effect is as simple as demonstrating the existence of the vulnerability. Other times it plays a role in enabling adversaries to attack systems.
Malware
Malware is software used by adversaries to compromise the security of a system or systems. Some malware uses exploits to achieve its goals, but not all malware does.
Incident
An incident is a violation or an attempted violation of a security policy, and may involve malware, exploits, or vulnerabilities (or none of these!).