• Bugs in software cause unexpected results

• Unexpected functionality can result from errors in design, implementation, or configuration

• Bugs can be managed by malicious purposes by an attacker