What term refers to flaws that can be exploited by an external threat?

The term that refers to flaws that can be exploited by an external threat is known as a vulnerability. Vulnerabilities are weaknesses in a system, application, or network that can be leveraged by an attacker to gain unauthorized access or cause damage. They might stem from various sources, such as inadequate security controls, outdated software, misconfigurations, or lack of user awareness.

Understanding vulnerabilities is crucial in the context of cybersecurity, as identifying and addressing these weaknesses is a fundamental step in protecting information systems from potential attacks. This concept is central to penetration testing, where the goal is to find and exploit vulnerabilities to assess the security posture of an organization.

In contrast, risk refers to the potential for loss or damage when a threat exploits a vulnerability. A threat is any potential danger that could exploit a vulnerability, while mitigation refers to the measures taken to reduce or eliminate risks. Together, these concepts form the basis of a comprehensive approach to security management, but it is the vulnerability itself that highlights the specific flaws that can be exploited.