Exploits, Malware, and Incidents

Any discussion of vulnerabilities would be incomplete without also discussing exploits, malware, and incidents. These terms are closely related to vulnerabilities, but they are not the same thing.

Exploit

An exploit is software that uses a vulnerability to achieve some effect. Sometimes the effect is as simple as demonstrating the existence of the vulnerability. Other times it plays a role in enabling adversaries to attack systems.

Malware

Malware is software used by adversaries to compromise the security of a system or systems. Some malware involves exploits to achieve its goals, but not all malware involves exploits.

Incident

An incident is a violation or an attempted violation of a security policy, and may involve malware, exploits, or vulnerabilities (or none of these!).