You see vulnerabilities all the time in board games – when the rules aren’t clear and players fight over their interpretation. Well, code does the same thing. If a hacker finds an obscure rule is not properly programmed or accounted for, the code may not handle that well. What if a website forgot to check if updating your email is already taken by another account? If this check isn’t done it’s conceivable to gain access to anyone’s account by merely changing your account email to theirs. In this case there was missing code to detect this scenario.