5 collocation exercises on vulnerability language — patching, exploiting, hardening, mitigating, and disclosing.
1 / 5
A security flaw is found in a library. The team installs a fix to close it. They ___ the vulnerability.
Patch a vulnerability means applying a fix/update that closes the security flaw.
patch a vulnerability / a flaw / a CVE
Noun: a security patch
Attackers do the opposite — they exploit a vulnerability. "Plug up" and "mend" aren't standard. Example: "Patch the vulnerability before the exploit goes public."
2 / 5
An attacker takes advantage of an unpatched flaw to break in. They ___ the vulnerability.
Exploit a vulnerability means abusing a flaw to gain unauthorised access or cause unauthorised behaviour.
exploit a vulnerability / a bug
Noun: an exploit; a brand-new one is a zero-day
"Leverage out" and "crack open" aren't the security collocation. Example: "Attackers exploited the unpatched flaw within hours."
3 / 5
To reduce the attack surface of a server (disable services, tighten config), the team will ___ it.
Harden a system means tightening its configuration to reduce attack surface.
harden a server / an image / a config
Often follows a hardening guide or benchmark (e.g., CIS)
"Toughen up" and "fortress" aren't standard. Example: "We hardened the base image by removing unused packages."
4 / 5
A fix isn't ready yet, but the team adds a temporary control to reduce the risk. They ___ the issue.
Mitigate means reducing the impact or likelihood of a risk, even without a full fix.
mitigate a risk / a vulnerability / an issue
Noun: a mitigation — a stopgap control while a patch is built
"Soften off" and "dull down" aren't used. Example: "We mitigated the flaw with a WAF rule until the patch ships."
5 / 5
A researcher reports a vulnerability responsibly to the vendor before going public. They ___ it.
Disclose is the standard term for reporting a vulnerability, especially responsible or coordinated disclosure.
disclose a vulnerability — report it through proper channels
Separately, attackers may escalate privileges — gain higher access than granted
"Leak" implies a careless exposure, not responsible reporting. Example: "They privately disclosed the bug and gave 90 days to patch."