The recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, is required.
In its early days the infosec industry borrowed heavily from the lexicon of biology to talk about problems affecting systems: viruses, worms, bugs etc.
This would suggest something like plague, scourge or intrusion (as in an intrusion of cockroaches) as potential candidates.
But since then, computer security types have ditched lab coats for combat fatigues and adopted terms that began in the military – such as APT (advanced persistent threat) – so perhaps we ought to widen the field.
A "cyber" of flaws is one of several new terms currently being rigorously tested at Vulture Central, based on early suggestions on Twitter. "Windows" (hat tip Jack Daniel), "overflow" and "panic" have all been suggested as potential candidates.
"Nest", "basket" and the slightly more surreal "hatstand" have also been mentioned. If we have a pack of lies and a wad of notes then why can't there be a collective noun for vulnerabilities?
The higher profile vulnerabilities – certainly since Heartbleed, Shellshock and running up to Stagefright – have catchy names and come with their own logos. The Ghost vuln even had it's own unofficial song, the Ghostbusters theme.
Security bugs even have their own awards, thanks to categories in the Pwnie Awards that take place during the Black Hat conference in Vegas every year.
Any way you care to look at it, we're well past knowing them by CVE number, but we still don't have a collective noun. Enough!
It's come to the point where we need to turn it over to Reg readers to decide from among the candidates, hence this poll. ®