[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] defining 0day

To: "'Gadi Evron'" <ge@xxxxxxxxxxxx>, "'Thor \(Hammer of God\)'" <thor@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] defining 0day
From: "David Gillett" <gillettdavid@xxxxxxxx>
Date: Tue, 25 Sep 2007 14:20:52 -0700

> What do you, as professional, believe 0day should mean, 
> regardless of previous definitions?

  I think there is some slight residual usefulness to designating
vulnerabilities whose first public disclosure results from
discovery/analysis of an active exploit already "in the wild".  ("0 days"
thus being the elapsed time from public disclosure of the vulnerability to
appearance of a live threat exploiting it, a characteristic which an unknown
vulnerability may only aspire to, and a patched one may never live down.)

David Gillett




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] defining 0day
  - From: Gadi Evron

Prev by Date: Re: [Full-disclosure] 0-day inquiry
Next by Date: Re: [Full-disclosure] Full-Disclosure Definition of 0Day
Previous by thread: Re: [Full-disclosure] defining 0day
Next by thread: Re: [Full-disclosure] defining 0day
Index(es):
- Date
- Thread