| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Oct 2010 18:17:25 +0200 From: wmsecurity <wmsecurity@...il.com> To: Curt Purdy <infosysec@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: 0-day "vulnerability" The term "0-day vulnerability" usually refers to a currently unpatched security issue in some specific product. The availability of an exploit, public or not, is optional in this case. That's why both terms have the right to exist. On Thu, Oct 28, 2010 at 17:18, Curt Purdy <infosysec@...il.com> wrote: > Sorry to rant, but I have seen this term used once too many times to > sit idly by. And used today by what I once thought was a respectable > infosec publication (that will remain nameless) while referring to the > current Firefox vulnerability (that did, by the way, once have a 0-day > sploit) Also, by definition, a 0-day no longer exists the moment it > is announced ;) > > For once and for all: There is no such thing as a "zero-day > vulnerability" (quoted), only a 0-day exploit... > > Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists