
Finding security holes in programming

December 14th, 2007

If a program has a bug in it that manifests under extreme circumstances, then normally, it’s a minor annoyance. Usually, you can just avoid the extreme circumstances, and the bug isn’t a problem. You could duplicate the effect of tickling the bug by writing your own program, if you wanted to.

But sometimes programs sit on security boundaries. They take input from other programs that don’t have the same access that they do.

For example, your mail reader takes input from anyone you get mail from, and it has access to your display, which they probably don’t. The TCP/IP stack of any computer connected to the Internet takes input from anyone on the Internet, and usually has access to everything on the computer, which most people on the Internet certainly don’t.

Any program that does such things has to be careful. If it has any bugs in it, it could potentially end up allowing other people — untrusted people — to do things they’re not allowed to do. A bug that has this property is called a “hole”, or more formally, a “vulnerability”.


