| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201010282228.15922.akhthar@sysadminguide.com> Date: Thu, 28 Oct 2010 22:28:15 +0530 From: Akhthar Parvez K <akhthar@...adminguide.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: 0-day "vulnerability" The term "0-day (or zero-day)" means the action has been done very quickly even without giving the developer enough time to fix the vulnerability of the software in question. Some commonly used terms are 0-day attack, 0-day exploit etc. So if you take that into context, the terms like "0-day vulnerability" or "0-day disclosure" are technically incorrect, IMHO. I would like to define it like this: "0-day x" where not all x are 0-days. Arguments welcome :-) -- Regards, Akhthar Parvez K http://www.sysadminguide.com/ UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity - Dennis Ritchie On Thursday 28 Oct 2010, w0lfd33m@...il.com wrote: > Yep. Totally agree. Vulnerability exists in the system since it has been developed. It is just the matter when it has been disclosed or being exploited. > > I would suggest " 0 day disclosure" instead of "0 day vulnerability" :) > > > ------Original Message------ > From: Curt Purdy > Sender: full-disclosure-bounces@...ts.grok.org.uk > To: full-disclosure@...ts.grok.org.uk > Subject: [Full-disclosure] 0-day "vulnerability" > Sent: Oct 28, 2010 8:48 PM > > Sorry to rant, but I have seen this term used once too many times to > sit idly by. And used today by what I once thought was a respectable > infosec publication (that will remain nameless) while referring to the > current Firefox vulnerability (that did, by the way, once have a 0-day > sploit) Also, by definition, a 0-day no longer exists the moment it > is announced ;) > > For once and for all: There is no such thing as a "zero-day > vulnerability" (quoted), only a 0-day exploit... > > Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > Sent from BlackBerry® on Airtel > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Regards, Akhthar Parvez K http://www.sysadminguide.com/ UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity - Dennis Ritchie _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists