Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog


Learn the Language of Vulnerability Assessment: Key Security Terms You Should Know

Your introduction to vulnerability assessment doesn't have to be confusing – let's go over the key terms.

When you're new to vulnerability assessment (VA) – or any other area of cybersecurity, for that matter – some aspects of the process might seem unfamiliar or confusing. This is particularly true of the jargon; cybersecurity and technology as a whole have a long list of specialized terminology. 

Now, let's be clear: You don't have to learn all of the words and their definitions from top to bottom right away. But it's important that you make yourself aware of the relevant language and key terms that security practitioners use every day while navigating the cyber trenches. Here’s a brief introduction.

The true definition of a vulnerability

Perhaps the most important point to keep in mind when learning the fundamentals of vulnerability assessment is the actual meaning of the word "vulnerability." The simplest accurate description is "any weakness in your network that can be exploited." It may be something as seemingly minor as a legacy application, or an app that's commonly used but doesn't feature the most recent patches. A vulnerability could also be a host on the network that lacks modern protections like next-generation firewalls or anti-malware features.

Keep in mind that “vulnerability” isn't a synonym for words like "malware," "virus," "trojan" or any of the other words that describe common cyberthreats. These cybersecurity hazards are often what emerge to take advantage of vulnerabilities that are present within some segment of your network or an asset connected to it (e.g., computers, mobile devices or operational technology such as network switches and control systems).

In addition to knowing the precise definition of a vulnerability, it's critical to understand that not all vulnerabilities are created equal. Some may only have minor negative effects on performance or affect only a small portion of the network. Others will pose clear and immediate danger to your environment and demand remediation as soon as possible. 

Arguably the best-known measurement for evaluating these threats is the Common Vulnerability Scoring System (CVSS),1 a scale devised by the Forum of Incident Response and Security Teams (FIRST) cybersecurity organization. While useful for beginners and worth knowing, it shouldn't be the only score you use: Its criteria don't take into account the sheer number of vulnerabilities out there and also fail to analyze how likely it is for these flaws to be leveraged by attackers. (Tenable's Predictive Prioritization process can more effectively gauge the impact of vulnerabilities and help you prioritize vulnerabilities to devise a better management strategy.)

Understanding the taxonomy of cyberthreats 

Another point of confusion in vulnerability assessment is the broad scope of terms used to describe cyberthreats. Many cybersecurity discussions invoke the term malicious software or "malware," but those just getting to know the subject might wonder what the difference is between that word and "virus."

Functionally, there isn't much difference – viruses are malware. But malware works as an effective category name, whereas "virus" doesn't. Cyberthreats falling under the malware umbrella include:2

  • Viruses: Malicious code that, once triggered through a user action like opening an attachment, can take control of existing apps within a host to "reproduce" itself and spread to other devices on a network. 
  • Worms: Standalone malicious software that is also capable of self-propagation (without human intervention) to spread to other hosts.3
  • Trojans: Malware disguised as programs or files a user needs.
  • Spyware: Programs that monitor activity of infected computers (e.g., keystroke loggers or "formjackers," used to steal credentials).
  • Botnets: Groups of automated, self-propagating applications that infect multiple machines and use them to conduct distributed denial of service attacks.

Then there's ransomware, which isn't one specific type of malware: any virus, worm, trojan or other malicious tool can fit the bill if it's used to gain leverage over a victimized organization and force ransom payments – many ransomware attacks employ data encryption or access denial as intimidation tactics.4

Reminder: All of those things listed above are not vulnerabilities – they're enabled by vulnerabilities.

Vulnerability assessment vs. vulnerability management

It's also important to know the difference between terms used to describe the process of mitigating vulnerabilities. For example, the terms “vulnerability assessment” and “vulnerability management” are not interchangeable. Assessment is a step in the vulnerability management process, and vulnerability scanning allows you to create the assessment. (Along similar lines, remember that Nessus Professional is primarily a vulnerability assessment solution; for an all-in-one vulnerability management suite, see Tenable’s enterprise platform products.)

Scans examine your network as broadly or narrowly as you choose: the entire network, a small number of hosts within one department of your organization or any range in between. When scanning is complete, you'll have a preliminary vulnerability assessment report, which is the foundational step that enables further investigation. Penetration tests (which are sometimes erroneously conflated with vulnerability scanning) or threat modeling may be beneficial to demonstrate how vulnerabilities work in controlled settings and map out their ultimate consequences.

After scans, tests and other assessments, you can begin to address cyberthreats across your environment, in order of their immediacy and severity. Focus on the most critical areas of potential exposure first, such as customers' financial and personal data or publicly facing systems. Mitigation and/or remediation may be as simple as patching an app or operating system, or may require more consequential actions like removing programs, disabling hosts or temporarily shutting down a network.

Balancing security and compliance

The last major terminology-based discrepancy we want to discuss is between vulnerability and compliance scanning. 

Tools like Nessus Professional can conduct compliance scans to determine adherence to cybersecurity protocols with government regulations, as well as industry standards like PCI DSS. (These scans are based on benchmarks from the Center for Internet Security [CIS] as well as certain Security Technical Implementation Guides [STIGs].) But a compliance scan isn’t a full vulnerability scan because it only searches for issues that make your system noncompliant, rather than any flaws that expose you to breach or attack. Your best course of action is to conduct both types of scans and then address their results separately. 

Ready to get started? Nessus Professional is an excellent solution for anyone who's starting out with vulnerability assessment.

Try Nessus Free for 7 Days

1. FIRST, "Common Vulnerability Scoring System v 3.1: Specification Document"
2. CSO Online, "Malware Explained: How to Prevent, Detect and Recover From It," May 2019
3. Kaspersky, "What's the Difference Between a Virus and a Worm?", February 2020
4. Cybersecurity and Infrastructure Security Agency, "Ransomware Guidance and Resources"

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try Tenable.io


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.


Continuously detect and respond to Active Directory attacks. No agents. No privileges. On-prem and in the cloud.