SynAc
Term

flaw

An error in the design, implementation, or operation of an information system. A flaw may result in a vulnerability. (Compare: vulnerability.)

Senses

1 (I)

An error in the design, implementation, or operation of an information system. A flaw may result in a vulnerability. (Compare: vulnerability.)

References
  • IETF RFC 4949 (Internet Security Glossary), Jan 06, 2026
    RFC 4949 — Internet Security Glossary (Version 2)
    https://www.rfc-editor.org/rfc/rfc4949.txt
    RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
    Source: IETF RFC 4949 (rfc-editor.org).
2 (D)

"An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed." [NCSSG] (Compare: vulnerability. See: brain-damaged.)

Deprecated Definition: IDOCs SHOULD NOT use this term with definition 2; not every flaw is a vulnerability.

References
  • IETF RFC 4949 (Internet Security Glossary), Jan 06, 2026
    RFC 4949 — Internet Security Glossary (Version 2)
    https://www.rfc-editor.org/rfc/rfc4949.txt
    RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
    Source: IETF RFC 4949 (rfc-editor.org).