Skip to content

The term “Zero Day”

319px-Seven segment display 0 digit 16px spacing

The varied use of this term has been bugging me lately.

Zero Day Vulnerability

A vulnerability that has not been published, either by the vendor or some other reasonably public entity (MITRE/NIST/OSVDB/ETC). The key here is that the vendor in question has has zero days to actually do anything about delivering a patch or mitigation.

Zero Day Exploit

An exploit that takes advantage of a zero day vulnerability.

I’ve seen people talking about vulnerabilities that don’t have a patch as ‘zero days.’ This isn’t really accurate because those conditions are published and known. The fact that a vendor chooses not to address a condition doesn’t make it a zero day.

Post a Comment

Your email is never published nor shared. Required fields are marked *