A method for defining the vulnerabilities of a computer system

A method for defining the security vulnerability of a computer system (30), comprising the steps of: Specifying an attack, which is a recognized susceptibility (300) of the computer system, a vulnerability description language file (VDL) file, wherein the file further VDL at least one property of the specified attack (300, 318) specified; at least a tactic definition (310, 312, 314) specified with respect to the detection of the susceptibility of the specified attack; and specifies a remedy (300) for the specified vulnerability.