[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] 0-day "vulnerability"
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] 0-day "vulnerability"
- From: Akhthar Parvez K <akhthar@xxxxxxxxxxxxxxxxx>
- Date: Thu, 28 Oct 2010 22:28:15 +0530
The term "0-day (or zero-day)" means the action has been done very quickly even
without giving the developer enough time to fix the vulnerability of the
software in question. Some commonly used terms are 0-day attack, 0-day exploit
etc. So if you take that into context, the terms like "0-day vulnerability" or
"0-day disclosure" are technically incorrect, IMHO.
I would like to define it like this:
"0-day x" where not all x are 0-days.
Arguments welcome :-)
--
Regards,
Akhthar Parvez K
http://www.sysadminguide.com/
UNIX is basically a simple operating system, but you have to be a genius to
understand the simplicity - Dennis Ritchie
On Thursday 28 Oct 2010, w0lfd33m@xxxxxxxxx wrote:
> Yep. Totally agree. Vulnerability exists in the system since it has been
> developed. It is just the matter when it has been disclosed or being
> exploited.
>
> I would suggest " 0 day disclosure" instead of "0 day vulnerability" :)
>
>
> ------Original Message------
> From: Curt Purdy
> Sender: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] 0-day "vulnerability"
> Sent: Oct 28, 2010 8:48 PM
>
> Sorry to rant, but I have seen this term used once too many times to
> sit idly by. And used today by what I once thought was a respectable
> infosec publication (that will remain nameless) while referring to the
> current Firefox vulnerability (that did, by the way, once have a 0-day
> sploit) Also, by definition, a 0-day no longer exists the moment it
> is announced ;)
>
> For once and for all: There is no such thing as a "zero-day
> vulnerability" (quoted), only a 0-day exploit...
>
> Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> Sent from BlackBerry® on Airtel
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Regards,
Akhthar Parvez K
http://www.sysadminguide.com/
UNIX is basically a simple operating system, but you have to be a genius to
understand the simplicity - Dennis Ritchie
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/