Re: defining 0day

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: defining 0day
From: Chad Perrin <perrin@xxxxxxxxxxxx>
Date: Thu, 27 Sep 2007 12:34:44 -0600
In-reply-to: <DE20D559B11B214EB7DC33FF6A2EB16001EB4DD5@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: bugtraq@xxxxxxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <46F5FACF.9010807@xxxxxxxxxx> <20070923235235.GH41180@xxxxxxxxxxxxx> <Pine.GSO.4.60.0709241550120.27986@xxxxxxxxxxxxxxxxxxxxxxx> <64CF0185-2BDE-40D8-9BDC-9E66153186E1@xxxxxxxxxxxxxxxxxxxxxxxxx> <F9C0B32C4FFE7147BD0FF6A40BE806E701ABEE@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.62.0709251359490.25733@xxxxxxxxxxxx> <500BE702-BB9B-47E8-A96F-AD6B67C0B408@xxxxxxxxxxxx> <200709262325.l8QNPUli007709@xxxxxxxxxxxxxxx> <20070926231032.GA62579@xxxxxxxxxxxxx> <DE20D559B11B214EB7DC33FF6A2EB16001EB4DD5@xxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.4.2.3i

On Thu, Sep 27, 2007 at 05:20:35PM -0700, Marvin Simkin wrote:
> > Unpatched Vulnerability: Working Exploit
> 
> "Working in a white hat's lab" is not as urgent as "being abused right now in 
> the wild".
> 
> > . . . or maybe "zero day exploit".
> 
> Proposed:
> 
> 1. A 0-day EXPLOIT is an Unpatched Vulnerability that we realize is being or 
> has been abused.
> 
> 2. A 0-day VULNERABILITY: no such thing. All vulnerabilities are either 
> Unpatched or Patched. They start out in Unpatched status the moment some 
> programmer creates them. They remain Unpatched until they are Patched.
> 

That was pretty much my point -- so I'm on board.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Leon Festinger: "A man with a conviction is a hard man to change. Tell him
you disagree and he turns away. Show him facts and figures and he questions
your sources. Appeal to logic and he fails to see your point."

References:
- Re: 0day: PDF pwns Windows
  - From: Crispin Cowan
- Re: 0day: PDF pwns Windows
  - From: Chad Perrin
- Re: 0day: PDF pwns Windows
  - From: Lamont Granquist
- Re: 0day: PDF pwns Windows
  - From: Roland Kuhn
- RE: 0day: PDF pwns Windows
  - From: Thor (Hammer of God)
- defining 0day
  - From: Gadi Evron
- Re: defining 0day
  - From: Charles Miller
- Re: defining 0day
  - From: Zow
- Re: defining 0day
  - From: Chad Perrin
- RE: defining 0day
  - From: Marvin Simkin

Prev by Date: Re: 0trace - traceroute on established connections
Next by Date: Re: 0trace - traceroute on established connections
Previous by thread: RE: defining 0day
Next by thread: Re: 0day: PDF pwns Windows
Index(es):
- Date
- Thread