Developers often think of software quality in terms of faults and failures. Faults are problems (for example, loops that never terminate or misplaced commas in statements) that developers can see by looking at the code. Failures are problems, such as a system crash or the invocation of the wrong function, that are visible to the user. Thus, faults can exist in programs but never become failures, because the conditions under which a fault becomes a failure are never reached. How do software vulnerabilities fit into this scheme of faults and failures? Is every fault a vulnerability? Is every vulnerability a fault?

While developing application solutions, software developers are always advised to consider producing secure code that is not vulnerable to hacks. Vulnerabilities, in the simplest of terms, can be described as an error or a fault in code. These errors or bugs, as a result, can cause unexpected actions like system crashes or connectivity issues. Some can go as far as creating information leakage and allowing unauthorized system access. Therefore, it is almost always certain that some bugs will cause vulnerabilities on software that have those bugs in them. It is also fit to say that faults in software are part of a larger list of factors that can cause software vulnerabilities. However, note that not all vulnerabilities are faults.