Weakness

 Definition(s):

Defect or characteristic that may lead to undesirable behavior.

 Source: NIST NIST SP 800-160v1r1 from ISO/SAE 21434:2021

(As used in this volume) Poor coding practices, as exemplified by CWEs

 Source: NIST NISTIR 8011 Vol. 4

Patch

 Definition(s):

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.

 Source: NIST CNSSI 4009-2015 from ISO/IEC 19770-2

A “repair job” for a piece of programming; also known as a “fix”. A patch is the immediate solution to an identified problem that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and the product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.

 Source: NIST NIST SP 800-45 Version 2 under Patch

A “repair job” for a piece of programming; also known as a “fix.” A patch is the immediate solution that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.

 Source: NIST NIST SP 800-44 Version 2 under Patch