Definition should state that:
- vulnerability refers to a flaw in a system that can leave it open to attack; may also refer to any type of weakness in a computer system, in a set of procedures, or in anything that leaves information security exposed to a threat.*
- risk is the likelihood that a vulnerability will occur and that a loss occurs if that vulnerability is exploited.
*Techopedia