Re: defining 0day
On Wed, Sep 26, 2007 at 04:25:30PM -0700, Zow Terry Brugger wrote:
> > As a professional, I would be happy to see terms like '0day' banished
> > from the lexicon entirely. It's an essentially meaningless -- all
> > third-party exploits are zero-day to _somebody_ -- term of boast co-
> > opted from the warez scene, and we can do perfectly well without it.
> I'd accept that. Can we agree on a term that means: "Right now you're
> learning about a vulnerability for which there is a working exploit, and no
> way to protect yourself short of impacting the availability of your systems
> by unplugging them or disabling the affected service."?
> I'd propose "unpatched vulnerability with known working exploit", but it's
> kind of verbose, and I don't think some of the kids joining our ranks can
> string that many complete words together anymore (too much texting).
Unpatched Vulnerability: Working Exploit
. . . or maybe "zero day exploit".
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Brian K. Reid: "In computer science, we stand on each other's feet."