Erroneous entries or missed entries by designers, implementer,
maintainers, administrators, and/or users create vulnerabilities exploited
by attackers. Examples include forgetting to eliminate default accounts and
passwords when installing a system, incorrectly setting protections on
network services, and a wide range of other minor mistakes that can lead to
disaster.
Complexity: There appear to be an unlimited (finite but
unbounded) number of possible errors and omissions in general purpose
systems. Special-purpose systems may be more constrained.
fc@red.a.net