Vulnerabilities are a flaw or weaknesses in a system security procedure, design, implementation, or control that could be intentionally or unintentionally exercised by a threat.
The goal of this program is to develop a list of vulnerabilities (flaws or weaknesses) that could be exploited by potential threat sources.
This list should focus on realistic technical and nontechnical areas where critical information can be disclosed without proper authorization, improperly modified, or made unavailable when needed.