It all started with the Battle of the Bulge, or at least this history reports the battle part, and since we are on the web and don’t need references, I second and designate the starting point. The key paragraph:
"With only enough troops in the Ardennes to hold a series of strongpoints loosely connected by intermittent patrols, the Americans extended no ground reconnaissance into the German sector. Poor weather had masked areas from aerial photography, and the Germans enforced radio silence and strict countersecurity measures. Equally important, the Allies’ top secret communications interception and decryption effort, code-named ULTRA, offered clues but no definitive statement of Hitler’s intentions. Yet WACHT AM RHINE’s best security was the continued Allied belief that the Germans would not attack, a belief held up to zero hour on 16 December-designated by the Germans as Null-Tag (‘Zero-Day’)."
("Null-Tag" sounds so much cooler and even techie, doesn’t it?) Whoop, there it is – the term "zero day." Notice that it denotes the point in time just before an ATTACK, not the point in time at which someone notices a weakness in the opposing side.
I am normally fairly flexible with the use and abuse of terms as long as I can characterize the meaning in some specific way. The term "Zero Day" for some reason really rankles me when it is used to denote a newly-identified vulnerability. For some reason, people just say Zero Day (or 0day) and don’t add any clarifying terms.
There are a handful of ways the term is used that should be clarified anytime you speak with a security vendor:
- A Zero Day vulnerability is a vulnerability that has been discovered for which a patch does not exist.
- A Zero Day exploit is an exploit against a vulnerability for which a patch does not exist.
- A Zero Day exploit is a new exploit against a known vulnerability.
- A Zero Day exploit is an exploit against a vulnerability that is not widely known.
The last bullet is the "true" definition that I subscribe to, though I do use the phrase in other ways periodically.
Bullshit. It comes from zero-day warez. See tqbf’s URL, above.
URL not posted
http://www.sockpuppet.org/tqbf/log/2005/08/null-tag.html