Full Disclosure mailing list archives
Re: defining 0day
From: n3td3v <xploitable () gmail com>
Date: Sat, 19 Apr 2008 23:44:22 +0100
On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <ge () linuxbox org> wrote:
Okay. I think we exhausted the different views, and maybe we are now able
to come to a conlusion on what we WANT 0day to mean.
What do you, as professional, believe 0day should mean, regardless of
previous definitions?
Obviously, the term has become charged in the past couple of years with the
targeted office vulnerabilities attacks, WMF, ANI, etc.
We require a term to address these, just as much as we do "unpatched
vulnerability" or "fully disclosed vulnerability".
What other such descriptions should we consider before proceeding?
non-disclosure?
Gadi.
I just caught a news article that summed up nicely what 0day means... "A zero-day flaw is a software vulnerability that has become public knowledge but for which no patch is available. It is particularly dangerous since users are exposed from day zero until the day a vendor prepares a patch and notifies users it is ready." http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html Regards, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: defining 0day n3td3v (Apr 19)
- Re: defining 0day coderman (Apr 19)
- Re: defining 0day n3td3v (Apr 19)
- Re: defining 0day coderman (Apr 19)
- Re: defining 0day n3td3v (Apr 19)
- Re: defining 0day coderman (Apr 19)
- Re: defining 0day n3td3v (Apr 19)
- Re: defining 0day coderman (Apr 19)