[Full-disclosure] defining 0day
n3td3v
xploitable at gmail.com
Sat Apr 19 23:44:22 BST 2008
On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <ge at linuxbox.org> wrote:
> Okay. I think we exhausted the different views, and maybe we are now able
> to come to a conlusion on what we WANT 0day to mean.
>
> What do you, as professional, believe 0day should mean, regardless of
> previous definitions?
>
> Obviously, the term has become charged in the past couple of years with the
> targeted office vulnerabilities attacks, WMF, ANI, etc.
>
> We require a term to address these, just as much as we do "unpatched
> vulnerability" or "fully disclosed vulnerability".
>
> What other such descriptions should we consider before proceeding?
> non-disclosure?
>
> Gadi.
>
I just caught a news article that summed up nicely what 0day means...
"A zero-day flaw is a software vulnerability that has become public
knowledge but for which no patch is available. It is particularly
dangerous since users are exposed from day zero until the day a vendor
prepares a patch and notifies users it is ready."
http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html
Regards,
n3td3v
Full-Disclosure is hosted and sponsored by Secunia.