A software vulnerability is a weakness in a software component or product that allows an attacker to use the software component or product in a manner that was not intended, e.g., to reduce a processing system's ability to secure data and to expose confidential information. Software developers often build software products using software components that are tracked for vulnerabilities by third-party agencies such as the U.S. National Institute of Standards and Technology, which maintains the National Vulnerability Database, a repository of standards-based vulnerability management data that enables vulnerability management, security measures, and compliance.
When a software developer determines that a software component that he has used in a software product contains a vulnerability, he may choose to fix or remediate the vulnerability by patching the software component, using an updated revision of the component, or making other changes to the software component or product to lessen or remove the vulnerability.