Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Hugo van der Kooij (hvdkooijvanderkooij.org)
Date: Tue Jul 24 2007 - 00:37:08 CDT
On Sat, 21 Jul 2007, Ken Kousky wrote:
> Zero day is a serious misnomer from vendors that suggest that the counting
> of time an exposure is known BY THE GOOD GUYS is some kind of trigger date
> when in reality, many serious exploits are know BY THE BAD GUYS so the day
> zero is really months or maybe years prior to the disclosure or notification
> date. Look at the WMF vulnerability that caused a mad rush to patch it once
> the good guys were put on notice. In this case, the vulnerability had been
> present in Windows products since the early 90s and according to Kapersky
> Labs there was even malware being sold that took advantage of it long before
> there was even day zero notification.
I reserve the word 0day to issues that have been found through exploits.
So a 0day exploit is an exploit out in the field were the vulnerability
is/was not publicly known before the exploit was found.
As such it would be a very rough indication of the score of good guys
(writing advisories) and the bad guys (writing exploits).
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)