Vulnerability (computer security)
===Remediation===
Remediation fixes vulnerabilities, for example by downloading a [[software patch]].{{sfn|Haber |Hibbert|2018|p=11}} [[Vulnerability scanner]]s are typically unable to detect zero-day vulnerabilities, but are more effective at finding known vulnerabilities based on a database. These systems can find some known vulnerabilities and advise fixes, such as a patch.{{sfn |Strout |2023|p=8}}{{sfn|Haber |Hibbert|2018|pp=12-13}} However, they have limitations including [[false positive]]s.{{sfn|Haber |Hibbert|2018|p=11}}

Vulnerabilities can only be exploited when they are active, that is, when the software in which they are embedded is actively running on the system.{{sfn|Haber |Hibbert|2018|p=84}} Before the code containing the vulnerability is configured to run on the system, it is considered a carrier.{{sfn|Haber |Hibbert|2018|p=85}} Dormant vulnerabilities can run, but are not currently running. Software containing dormant and carrier vulnerabilities can sometimes be uninstalled or disabled, removing the risk.{{sfn|Haber |Hibbert|2018|pp=84-85}} Active vulnerabilities, if distinguished from the other types, can be prioritized for patching.{{sfn|Haber |Hibbert|2018|p=84}}

Vulnerability mitigation consists of measures that do not close the vulnerability, but make it more difficult to exploit or reduce the consequences of an attack.{{sfn |Magnusson |2020|p=32}} Reducing the [[attack surface]], particularly for parts of the system with [[Superuser|root]] (administrator) access, and closing off opportunities for exploits to engage in [[privilege exploitation]] is a common strategy for reducing the harm that a cyberattack can cause.{{sfn|Haber |Hibbert|2018|p=11}} If a patch for third-party software is unavailable, it may be possible to temporarily disable the software.{{sfn |Magnusson |2020|p=33}}
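The active / dormant / carrier distinction above can drive a triage queue. The following is an added example, not part of the original article or its sources: it joins scanner findings with a host inventory and orders them so that active findings come first. The package names, the `EXAMPLE-` identifiers, the `configured`/`running` fields, and the rule that a package missing from the inventory counts as active are all assumptions made for illustration.

```python
# Constructed sample data: scanner findings and a host inventory (all names hypothetical).
FINDINGS = [
    {"package": "imgconvert", "vuln_id": "EXAMPLE-0003", "patch_available": True},
    {"package": "legacy-ftpd", "vuln_id": "EXAMPLE-0002", "patch_available": False},
    {"package": "webserverd", "vuln_id": "EXAMPLE-0001", "patch_available": True},
    {"package": "reportgen", "vuln_id": "EXAMPLE-0004", "patch_available": False},
    {"package": "unknown-agent", "vuln_id": "EXAMPLE-0005", "patch_available": True},
]
INVENTORY = {
    "webserverd": {"configured": True, "running": True},
    "reportgen": {"configured": True, "running": True},
    "legacy-ftpd": {"configured": True, "running": False},
    "imgconvert": {"configured": False, "running": False},
}
RANK = {"active": 0, "dormant": 1, "carrier": 2}


def classify(state):
    """Map host state onto the active / dormant / carrier categories."""
    if state is None:
        # Assumption: a package missing from the inventory is treated as active,
        # so incomplete data never lowers a finding's priority.
        return "active"
    if state["running"]:
        return "active"
    if state["configured"]:
        return "dormant"  # able to run, but not currently running
    return "carrier"      # present, but not yet configured to run


def recommend(category, patch_available):
    """Pick a remediation or mitigation step for one finding."""
    if category == "active":
        return "patch" if patch_available else "mitigate or temporarily disable"
    # Dormant and carrier software can sometimes simply be removed.
    return "uninstall/disable, or patch" if patch_available else "uninstall or disable"


def triage(findings, inventory):
    """Return (vuln_id, package, category, action) tuples, active findings first."""
    rows = []
    for f in findings:
        category = classify(inventory.get(f["package"]))
        rows.append((f["vuln_id"], f["package"], category,
                     recommend(category, f["patch_available"])))
    # sorted() is stable, so scanner order is kept within each category.
    return sorted(rows, key=lambda r: RANK[r[2]])


if __name__ == "__main__":
    for row in triage(FINDINGS, INVENTORY):
        print(*row, sep="\t")
```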