[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] defining 0day
- To: "Gadi Evron" <ge@xxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx, n3td3v <n3td3v@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] defining 0day
- From: n3td3v <xploitable@xxxxxxxxx>
- Date: Sat, 19 Apr 2008 23:44:22 +0100
On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <ge@xxxxxxxxxxxx> wrote:
> Okay. I think we exhausted the different views, and maybe we are now able
> to come to a conlusion on what we WANT 0day to mean.
>
> What do you, as professional, believe 0day should mean, regardless of
> previous definitions?
>
> Obviously, the term has become charged in the past couple of years with the
> targeted office vulnerabilities attacks, WMF, ANI, etc.
>
> We require a term to address these, just as much as we do "unpatched
> vulnerability" or "fully disclosed vulnerability".
>
> What other such descriptions should we consider before proceeding?
> non-disclosure?
>
> Gadi.
>
I just caught a news article that summed up nicely what 0day means...
"A zero-day flaw is a software vulnerability that has become public
knowledge but for which no patch is available. It is particularly
dangerous since users are exposed from day zero until the day a vendor
prepares a patch and notifies users it is ready."
http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html
Regards,
n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/