lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.62.0709251359490.25733@linuxbox.org>
Date: Tue, 25 Sep 2007 14:02:27 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: bugtraq@...urityfocus.com, Chad Perrin <perrin@...theon.com>,
	Crispin Cowan <crispin@...ell.com>, Casper.Dik@....COM,
	"pdp (architect)" <pdp.gnucitizen@...glemail.com>,
	full-disclosure@...ts.grok.org.uk,
	Lamont Granquist <lamont@...iptkiddie.org>,
	Roland Kuhn <rkuhn@....physik.tu-muenchen.de>
Subject: defining 0day

On Tue, 25 Sep 2007, Thor (Hammer of God) wrote:
> For the record, the original term "O-Day" was coined by a dyslexic
> security engineer who listened to too much Harry Belafonte while working
> all night on a drink of rum.  It's true.  Really.
>
> t

Okay. I think we exhausted the different views, and maybe we are now able 
to come to a conlusion on what we WANT 0day to mean.

What do you, as professional, believe 0day should mean, regardless of 
previous definitions?

Obviously, the term has become charged in the past couple of years with 
the targeted office vulnerabilities attacks, WMF, ANI, etc.

We require a term to address these, just as much as we do "unpatched 
vulnerability" or "fully disclosed vulnerability".

What other such descriptions should we consider before proceeding? 
non-disclosure?

 	Gadi.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ