Re: defining 0day
On Thu, Sep 27, 2007 at 05:20:35PM -0700, Marvin Simkin wrote:
> > Unpatched Vulnerability: Working Exploit
>
> "Working in a white hat's lab" is not as urgent as "being abused right now in
> the wild".
>
> > . . . or maybe "zero day exploit".
>
> Proposed:
>
> 1. A 0-day EXPLOIT is an Unpatched Vulnerability that we realize is being or
> has been abused.
>
> 2. A 0-day VULNERABILITY: no such thing. All vulnerabilities are either
> Unpatched or Patched. They start out in Unpatched status the moment some
> programmer creates them. They remain Unpatched until they are Patched.
>
That was pretty much my point -- so I'm on board.
--
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Leon Festinger: "A man with a conviction is a hard man to change. Tell him
you disagree and he turns away. Show him facts and figures and he questions
your sources. Appeal to logic and he fails to see your point."