My Take on “Zero-Day”

It appears to be in vogue again to talk about the definition of "zero day," so here is my take:

A "0day" is an EXPLOIT of a vulnerability that is generally unknown to the public (I call this "undercover" since somebody must know about it, but the good guys don’t). There is no such thing as a "0day vulnerability" because 0day is about action, not state. More here.

That said, I don’t really expect this to change anything (here’s why), which is why I have moved to definitions for "undercover exploit" and "undercover vulnerability" as well as the extra-complicated but completely clear "in-the-wild exploit against an undercover vulnerability."

And I still like "Null Tag" better than any of the rest.

3 comments for “My Take on “Zero-Day”

  1. October 26, 2006 at 2:36 pm

    Australia Waterfowl, Philosophy, and Zero Day Events

    What do philosophers pontificating about swans have to do with risk management? Sometimes everything.
    Peter Lindstrom asks if Freak Accidents are Black Swans? Good thought-provoking question!
    Let's consider what a Black Swan is…

  2. not a fan
    November 15, 2006 at 3:44 pm

    Man, you are a real freaking idiot. You know that?

  3. Pete
    November 15, 2006 at 4:43 pm

    @not -

    ummm, can you enlighten me? (also, any reason you aren’t comfortable insulting me and signing your real name?)

    Pete
