Microsoft Malware Protection Center recently published their third Security Intelligence Report. In that excerpt, all uses of the word threat should be replaced with the word vulnerability. Microsoft is clearly talking about discovering holes/flaws/problems in their software, i.e., vulnerabilities. The developers who focus on Microsoft’s software — those exercising the Microsoft Security Development Lifecycle — are using “threat” when they should be saying “vulnerability” It would be good for the SIR people to talk to the SDLC people.”]
Source: https://taosecurity.blogspot.com/2007/10/microsoft-explain-threats-to-microsoft.html