All security vulnerabilities in software are the result of security bugs, or defects, within the software.
In most cases, these defects are created by two primary causes:
(1) non-conformance, or a failure to satisfy requirements; and
(2) an error or omission in the software requirements..