I write about risk, threat, and other security definitions fairly regularly. Lo and behold, I just read a post by someone else who shares my approach. This is a must-read. How did you react to the story?
A second brother in risk is Gunnar Peterson, who writes in part:
When security teams conflate threats and vulnerabilities, the result is confusion. Instead efforts dealing with threats... and vulnerabilities... should be separately optimized, besides both being part of "security"; they don't have that much in common.
Oh bravo, especially the old-school link to Dan Geer, which I should read again.