Does "zero-day" or "0-day" (in context of software vulnerabilities and exploits) refer to the software release, or a particular type of exploit?
[I did not find an answer to this on SO. Though it is answered elsewhere on the Internet, my understanding of SO is that it's okay to ask/answer basic questions]
-
Wikipedia has two entries which are relevant:
Unkwntech : Wow, the world must be comming to an end, I beat Jon Skeet!!!Argalatyr : ;-) Not to diminish your Nice Answer, but in the past 24 hours he answered well over a dozen questions, to your 4 (approximations - I did not count carefully). Kinda like one of those chess grandmasters playing a couple of dozen people, one of whom does well... He's a force of nature. -
Simply put it means that it [the exploit] was released before the company was notified, and had the opportunity to fix it, because the company had 0-days of notification.
Argalatyr : Here's another relevant link: http://what-is-what.com/what_is/zero_day_exploit.html -
A zero-day vulnerability or attack means that an exploit has been found active in the "wild" without being announced or the developers notified.
-
A zero-day exploit or vulnerability is an exploit for a bug that is not known to the general public (i.e. no patch was released for it).
-
Three major uses of "Zero Day"
- http://en.wikipedia.org/wiki/Zero_day_virus
- http://en.wikipedia.org/wiki/Zero_day_attack
- And also "zero day" warez (pirated) software: software cracked and/or released to the public by some pirate on (or before!) the day said software was available for sale.
I personally was aware of the third sense before the other two.
0 comments:
Post a Comment