lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Sep 2007 12:34:44 -0600 From: Chad Perrin <perrin@...theon.com> To: bugtraq@...urityfocus.com Subject: Re: defining 0day On Thu, Sep 27, 2007 at 05:20:35PM -0700, Marvin Simkin wrote: > > Unpatched Vulnerability: Working Exploit > > "Working in a white hat's lab" is not as urgent as "being abused right now in the wild". > > > . . . or maybe "zero day exploit". > > Proposed: > > 1. A 0-day EXPLOIT is an Unpatched Vulnerability that we realize is being or has been abused. > > 2. A 0-day VULNERABILITY: no such thing. All vulnerabilities are either Unpatched or Patched. They start out in Unpatched status the moment some programmer creates them. They remain Unpatched until they are Patched. > That was pretty much my point -- so I'm on board. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Leon Festinger: "A man with a conviction is a hard man to change. Tell him you disagree and he turns away. Show him facts and figures and he questions your sources. Appeal to logic and he fails to see your point."
Powered by blists - more mailing lists