There are three main classes of vulnerability by which the distinction for the types of flaws, both local and remote, can be made. These classes are generally divided into the categories of design, implementation, and operational vulnerabilities:
- Design vulnerabilities: These are discovered owing to the weaknesses found in the software specifications.
- Implementation vulnerabilities: These are technical security glitches found in the code of a system.
- Operational vulnerabilities: These are vulnerabilities that may arise due to the improper configuration and deployment of a system in a specific environment.
Based on these three classes, we have two generic types of vulnerabilities, local and remote, which can appear in any class of the vulnerabilities explained.