Abstract: In this work, we define the notions of software bug, weakness, and vulnerability in the context of cybersecurity and elucidate their causal relations.