Terminology was mentioned, I just sent this to the CVSS list.
A "vulnerability" is a weakness in the computational logic (e.g., code)
found in software and some hardware components (e.g., firmware) that,
when exploited, results in a negative impact to confidentiality,
integrity, OR availability.
"...one or more weaknesses that can be accidentally triggered or
intentionally exploited and result in a violation of desired system
properties. A weakness is an undesired characteristic of a system’s
requirements, design or implementation."