How To Find Vulnerabilities In An Operating System

As mentioned previously, hackers first look for vulnerabilities to gain access. Then
they look for operating system (OS) vulnerabilities and for scanning tools that report
on those vulnerabilities.
Finding vulnerabilities specific to an OS is as easy as typing in a URL address and
clicking on the appropriate link. There are many organizations that provide “fulldisclosure”

information. Full disclosure is the practice of providing all information
to the public domain so that it isn’t known only to the hacker community.
Mitre, a government think tank, supports the Common Vulnerability and Exposures
(CVE) dictionary. As stated on their web site (http://cve.mitre.org), the goal is
to provide the following:
A list of standardized names for vulnerabilities and other information security
exposures—CVE aims to standardize the names for all publicly known
vulnerabilities and security exposures2.
Other security sites, such as SecurityFocus, CERT, the SANS Institute, and many
others, provide information about