Software Vulnerabilities—What Are They?

Software vulnerabilities are everywhere—often hiding in the very tools and dependencies developers use every day. In this course, you’ll uncover how these weaknesses form, how they’re exploited, and what makes them so dangerous at scale.

You’ll explore how vulnerabilities are reported through programs like the Common Vulnerabilities and Exposures (CVE) system and scored using the Common Vulnerability Scoring System (CVSS). Through real-world examples like Log4Shell, Heartbleed, and Shellshock, you’ll see how a single flaw can ripple across millions of systems.

Finally, you’ll learn how emerging U.S. regulations and federal programs—like CISA’s Known Exploited Vulnerabilities Catalog and FedRAMP—are driving stronger standards for vulnerability management across the software industry.

By the end, you’ll have a clear understanding of what software vulnerabilities are, how they spread, and why managing them is critical to keeping modern systems secure.

By the end of this course, you will:

• Define what a software vulnerability is and describe how it can be exploited.
• Explain how vulnerabilities are cataloged and shared through the CVE system.
• Interpret CVSS scores and explain how they help prioritize remediation.
• Identify the purpose of CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
• Recognize major historical vulnerabilities (e.g., Log4Shell, Heartbleed, Shellshock) and their impacts.
• Summarize recent U.S. cybersecurity policies and FedRAMP requirements related to vulnerability management.
• Articulate why proactive vulnerability management is essential for secure software development.