A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:
- Authentication of users and other entities 
- Authorization of access rights and privileges 
- Data confidentiality
- Data integrity
Security bugs need not be identified or exploited to qualify as such.
Security bugs generally fall into a fairly small number of broad categories that include:
- Memory safety (e.g. buffer overflow and dangling pointer bugs)
- Race condition
- Secure input and output handling
- Faulty use of an API
- Improper use case handling
- Improper exception handling
- Resource leaks, often but not always due to improper exception handling
- Preprocessing input strings after they have been checked for acceptability, so that the value that is used differs from the value that was checked
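The last category in the list, as an added example that is not part of the original article: a path check applied before percent-decoding, next to the corrected order in which the decoded value is the one that gets checked. `BASE`, the function names and the sample inputs are constructed for illustration, and percent-decoding stands in for any preprocessing step.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

BASE = "/srv/files"  # hypothetical document root (assumption)

def is_acceptable(path: str) -> bool:
    """Accept only relative paths that contain no parent-directory segment."""
    return not path.startswith("/") and ".." not in path.split("/")

def resolve_check_then_decode(raw: str) -> Optional[str]:
    """Flawed order: the check sees the raw string, the file lookup sees the decoded one."""
    if not is_acceptable(raw):
        return None
    return posixpath.normpath(posixpath.join(BASE, unquote(raw)))

def resolve_decode_then_check(raw: str) -> Optional[str]:
    """Corrected order: bring the input to its final form, then check that exact value."""
    decoded = unquote(raw)
    if unquote(decoded) != decoded:
        return None  # still encoded after one pass: reject instead of guessing
    if not is_acceptable(decoded):
        return None
    full = posixpath.normpath(posixpath.join(BASE, decoded))
    # Containment check on the resolved path as a second line of defence.
    if full != BASE and not full.startswith(BASE + "/"):
        return None
    return full

# Constructed sample inputs: plain, percent-encoded, double-encoded.
SAMPLES = ["reports/q1.txt", "%2e%2e/%2e%2e/etc/hosts", "%252e%252e/secret"]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(f"{raw!r:32} check-then-decode={resolve_check_then_decode(raw)!r} "
              f"decode-then-check={resolve_decode_then_check(raw)!r}")
```
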