Dailydave mailing list archives

For the love of Zeus stop making up silly terms!


From: Dave Aitel <dave () immunityinc com>
Date: Sat, 20 Sep 2008 10:47:25 -0400

"A 0-day patch is a patch where the vulnerability is disclosed at the
same day the patch is released by the vendor. The associated risk
exposure, the Gray Risk is 0 days."

So, I'm reading some papers and finishing a talk for next week's OWASP 
conference in NYC.  Specifically, I'm reading this: 
http://www.blackhat.com/presentations/bh-europe-08/Frei/Whitepaper/bh-eu-08-frei-WP.pdf 
. The first thing they do is make up a silly term. Now, we all have a 
tendency to do this - sometimes it's like trying to wade through a 
Scientology text to figure out someone's paper, between the "Heap Feng 
Shui" and the various references to OODA loops and Sun Tzu quotes. 
Honestly, it's got to stop.

So next time you're in the process of trying to "coin" a term, just sit 
back and call the darn thing what it really is.

-dave
P.S.
on "Black/White/Grey Risk": Heck, "Kobold risk", "Orc Risk" and "Ogre 
risk" would at least have been retro geek cool. Or why not make "white 
risk" the risk you have when everyone else has the exploit but you are 
too whitehat to get access to it and "Black risk" the risk you have if 
you are a blackhat and you are using bugs everyone knows about? That 
would have been more accurate too!

Also, shouldn't that have been a 1-day patch? :>

