| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4b6ee9310804191544v2540c511he86412232bb9e9f9@mail.gmail.com> Date: Sat, 19 Apr 2008 23:44:22 +0100 From: n3td3v <xploitable@...il.com> To: "Gadi Evron" <ge@...uxbox.org>, full-disclosure@...ts.grok.org.uk, n3td3v <n3td3v@...glegroups.com> Subject: Re: defining 0day On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <ge@...uxbox.org> wrote: > Okay. I think we exhausted the different views, and maybe we are now able > to come to a conlusion on what we WANT 0day to mean. > > What do you, as professional, believe 0day should mean, regardless of > previous definitions? > > Obviously, the term has become charged in the past couple of years with the > targeted office vulnerabilities attacks, WMF, ANI, etc. > > We require a term to address these, just as much as we do "unpatched > vulnerability" or "fully disclosed vulnerability". > > What other such descriptions should we consider before proceeding? > non-disclosure? > > Gadi. > I just caught a news article that summed up nicely what 0day means... "A zero-day flaw is a software vulnerability that has become public knowledge but for which no patch is available. It is particularly dangerous since users are exposed from day zero until the day a vendor prepares a patch and notifies users it is ready." http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html Regards, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists