Evaluation should include the flaws to an operating system and the current and emerging threats, such as viruses, dynamic-link library (DLL) injection, or zero-day vulnerability.