Vulnerability is ...

... "an inherent and potentially exploitable weakness in an information asset, system, process, organisation etc." [source: SecAware glossary]

... exposed by one or more missing, ineffective or inadequate controls

... “a security weakness in a computer” [source: NIST SP800-114 rev1]

... “a weakness, susceptibility or flaw of an asset or control
that can 
be exploited by one or more threats”
[source: Financial Stability Board 
Cyber Lexicon]

... "weakness of an asset or control that can be exploited
by one or more 
threats” [source: ISO/IEC 27000]

... "weakness in a system, system security procedures,
internal controls, or implementation that could be
exploited or triggered by a threat"
[source: 
NIST SP 1800-17b]

... a chink in the armour

... a gap in our defences

... revealed in incidents

... asking for trouble

... taking a chance

... misplaced trust

... the weak link

... unprotected

... an opening

... exploitable

... a soft spot

... deficiency

... endearing

... weakness

... inevitable

... inherent

... pathetic

... a flaw

... latent

... a bug

...


But wait, there's more ...