# Security Management

### Vulnerability vs Risk

Vulnerability: A vulnerability is a weakness in a system or application that can be exploited to violate that system's security, considered without regard to the impact involved. Vulnerabilities are the security flaws in a computer or system that allow an attack to succeed. Successful exploitation of a vulnerability may result in data manipulation, code execution, data loss, etc.

Risk: Risk is the intersection of threats, assets, and vulnerabilities: the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. Risk is essentially the likelihood that an action will lead to a loss or other undesired outcome. In the broader business sense a risk may even pay off and lead to a gain rather than a loss. A risk assessment is performed to determine which potential security breaches are most important to address now, rather than later.

### Threat vs Exploit

Threat: A threat is what we're trying to protect against: a potential danger to the system, something the company does not want to happen. A threat may be a malicious attacker attempting to obtain unauthorized access to an asset, or more generally any natural or man-made occurrence, individual, entity, or action that has, or indicates, the potential to harm life, information, operations, the environment and/or property. A threat is realized when a vulnerability is successfully exploited.

Exploit: An exploit is something (code, a sequence of commands, or a technique) that takes advantage of a vulnerability in an asset to produce unintended or unexpected behavior in the target system, typically enabling an attacker to gain access to data or to the system itself.

### What is Open Source Software?

Open source software is software whose source code anyone can inspect, modify, and enhance. Programmers who have access to a program's source code can improve it by adding features or fixing parts that do not work correctly.

### What is more secure? Open source project or proprietary project?

The security of either kind of project depends mainly on the size of the project, the number of developers working on it and, most importantly, the quality control applied to it. The licensing model alone does not determine quality; what matters is how the project is actually built and maintained.

### Where do you get your security news from?

### What are the advantages offered by bug bounty programs over normal testing practices?

You should hear: coverage by many testers vs. one, incentivization, focus on rare bugs, etc.

### How would you measure how well a security team is doing?

Here we're looking for the candidate to ask questions in return, such as "What kind of team?" Bad answers include anything purely number-based, like the number of IDS events or widget-thingies detected.

### Who's more dangerous to an organization, insiders or outsiders?

### Vulnerability Assessment vs Penetration Testing

Vulnerability assessment is an approach used to find flaws in an application or network, whereas penetration testing is the practice of finding and exploiting vulnerabilities the way a real attacker would. VA is like travelling on the surface, whereas PT is digging for gold.

### Chain of Custody

A protocol for handling physical proof that will be introduced in a courtroom, ensuring the evidence complies with the rules of criminal procedure. When keeping track of data or equipment for use in legal proceedings, it needs to remain in a pristine state. Therefore, documenting exactly who has had access to what, and for how long, is vital. Any compromise of the data can lead to legal issues for the parties involved and, depending on the scenario, to a mistrial or a contempt finding.
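As an added example (not from the original page), the following Python sketch shows the digital analogue of the chain-of-custody record described above: every acquisition and handoff records the custodian, the time, and the SHA-256 of the evidence at that moment, and each entry commits to the hash of the previous one, so that either an altered evidence image or a rewritten log entry can be detected. The case id, custodian names and evidence bytes are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Added example (not from the original page): a minimal chain-of-custody
# log for digital evidence. Every handoff records who held the item, when,
# and the SHA-256 of the evidence at that moment; each entry also commits
# to the hash of the previous entry, so a deleted or edited entry breaks
# the chain. Custodian names and evidence bytes below are constructed.


def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest of the evidence image."""
    return hashlib.sha256(data).hexdigest()


def _entry_hash(entry: dict) -> str:
    # Canonical JSON so the same entry always hashes the same way.
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class CustodyLog:
    def __init__(self, case_id: str):
        self.case_id = case_id
        self.entries: list[dict] = []

    def _append(self, action: str, custodian: str, evidence: bytes, note: str) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "case_id": self.case_id,
            "seq": len(self.entries),
            "action": action,
            "custodian": custodian,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "evidence_sha256": fingerprint(evidence),
            "note": note,
            "prev_entry_hash": prev,
        }
        entry["entry_hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry

    def acquire(self, custodian: str, evidence: bytes, note: str = "") -> dict:
        return self._append("acquired", custodian, evidence, note)

    def transfer(self, to_custodian: str, evidence: bytes, note: str = "") -> dict:
        # The receiver re-hashes the item on receipt; a mismatch against the
        # acquisition hash is the first sign the evidence was altered in transit.
        return self._append("transferred", to_custodian, evidence, note)

    def verify(self, evidence: bytes) -> tuple[bool, str]:
        """Check the log is unbroken and the evidence still matches the first hash."""
        if not self.entries:
            return False, "empty log"
        prev = "0" * 64
        original = self.entries[0]["evidence_sha256"]
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev_entry_hash"] != prev or _entry_hash(body) != entry["entry_hash"]:
                return False, f"log tampered at seq {entry['seq']}"
            if entry["evidence_sha256"] != original:
                return False, f"evidence changed while held by {entry['custodian']}"
            prev = entry["entry_hash"]
        if fingerprint(evidence) != original:
            return False, "current evidence does not match acquisition hash"
        return True, "chain intact"


if __name__ == "__main__":
    disk_image = b"constructed sample disk image bytes"   # constructed, not real evidence
    log = CustodyLog("CASE-0001")                          # hypothetical case id
    log.acquire("first responder", disk_image, "imaged laptop SSD on site")
    log.transfer("evidence locker", disk_image, "sealed bag #12")
    log.transfer("forensic analyst", disk_image, "checked out for analysis")
    print(log.verify(disk_image))                          # (True, 'chain intact')
    print(log.verify(disk_image + b"x"))                   # altered image is rejected
```

The acquisition hash is the value that belongs on the paper evidence form as well. Note that the hash chain only detects tampering; it does not prevent it, so the log itself has to live somewhere custodians cannot quietly rewrite it (a signed or write-once store), otherwise an attacker who can edit the evidence can simply recompute the chain.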