I was under the impression that "0day" came from the hacking/cracking community and was synonymous with the concept of "private 0day" that has been used in this thread.
So, a hacker/cracker would have a variety of tools at their disposal including many exploits that were known to security professionals, vendors, and the public for various lengths of time, but also the "0day" exploits for which no vulnerable machines should be patched against. As soon as the vulnerability is published, it no longer becomes a "0day" since even in the absence of vendor patches, admins could take actions to audit and protect their systems.
Under this definition, "0day" exploits should be not publically disclosed and to be pedantic should be actively being used to break into systems. Exploits generated by the grey-hat community, not used for malicious reasons, and published before vendor patches exist would not have gone through the "0day" stage. Neither would exploits generated for publically known vulnerabilities before the vendor patches were released would be considered "0day" since the vulnerability was publically known and again there could be workarounds encountered by the hacker/cracker that would prevent gaining access.
It seems that the definition of the term has morphed in the past 10+ years though...
On Sat, 22 Sep 2007 johanfunsale@xxxxxxxxx wrote:
I think we're missing the point. To my very limited knowledge, a zero day vulnerability is a vulnerability that is released into the wild before the vendor has notified its customers thereof, i.e. the person who discovered the vulnerability decides to release it to parties other than the vendor in question.This will most likely lead to a zero day exploit, which is an exploit that "exploits" the vulnerability before the vendor releases a patch for that vulnerability.This is just my view, but if it makes sense, use it as your own. Regards, Johan