On Tue, Sep 25, 2007 at 8:02 PM, Gadi Evron <[EMAIL PROTECTED]> wrote: > Okay. I think we exhausted the different views, and maybe we are now able > to come to a conlusion on what we WANT 0day to mean. > > What do you, as professional, believe 0day should mean, regardless of > previous definitions? > > Obviously, the term has become charged in the past couple of years with the > targeted office vulnerabilities attacks, WMF, ANI, etc. > > We require a term to address these, just as much as we do "unpatched > vulnerability" or "fully disclosed vulnerability". > > What other such descriptions should we consider before proceeding? > non-disclosure? > > Gadi. >
I just caught a news article that summed up nicely what 0day means... "A zero-day flaw is a software vulnerability that has become public knowledge but for which no patch is available. It is particularly dangerous since users are exposed from day zero until the day a vendor prepares a patch and notifies users it is ready." http://www.pcworld.com/businesscenter/article/144803/chinese_blogs_detail_zeroday_flaw_in_microsoft_works.html Regards, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
