| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Sep 2007 14:04:02 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: Chad Perrin <perrin@...theon.com>,
Lamont Granquist <lamont@...iptkiddie.org>,
"pdp \(architect\)" <pdp.gnucitizen@...glemail.com>, Casper.Dik@....COM,
Roland Kuhn <rkuhn@....physik.tu-muenchen.de>,
full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
Crispin Cowan <crispin@...ell.com>
Subject: defining 0day
On Tue, 25 Sep 2007, Thor (Hammer of God) wrote:
> For the record, the original term "O-Day" was coined by a dyslexic
> security engineer who listened to too much Harry Belafonte while working
> all night on a drink of rum. It's true. Really.
>
> t
Okay. I think we exhausted the different views, and maybe we are now able
to come to a conlusion on what we WANT 0day
to mean.
What do you, as professional, believe 0day should mean, regardless of
previous definitions?
Obviously, the term has become charged in the past couple of years with
the targeted office vulnerabilities attacks,
WMF, ANI, etc.
We require a term to address these, just as much as we do "unpatched
vulnerability" or "fully disclosed
vulnerability".
What other such descriptions should we consider before proceeding?
non-disclosure?
Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists