Imperfections in software code, design, architecture, or deployment that could become exploitable vulnerabilities under certain conditions. Weaknesses represent potential security flaws requiring evaluation to determine if remediation is necessary.

Neutral facilitators overseeing security exercises between red teams (attackers) and blue teams (defenders). White teams establish rules of engagement, monitor activities, evaluate performance, and document findings.

A list of approved entities such as IP addresses, email addresses, applications, or domains explicitly permitted to access systems or bypass security controls. Whitelisting blocks everything by default except approved items, providing strong security but requiring careful maintenance to avoid blocking legitimate traffic. Modern terminology favors "allow list" over "whitelist."

The estimated effort, time, and resources an adversary requires to overcome a security control. Work factor calculations guide security investment by ensuring controls impose costs exceeding potential gains.

Self-replicating malware that propagates independently across networks without requiring host files or user interaction. Worms exploit network vulnerabilities to spread automatically, consuming bandwidth and system resources while potentially delivering additional malicious payloads.