[Full-disclosure] defining 0day



On Tue, 25 Sep 2007, Thor (Hammer of God) wrote:
For the record, the original term "O-Day" was coined by a dyslexic
security engineer who listened to too much Harry Belafonte while working
all night on a drink of rum. It's true. Really.

t

Okay. I think we exhausted the different views, and maybe we are now able
to come to a conlusion on what we WANT 0day to mean.

What do you, as professional, believe 0day should mean, regardless of
previous definitions?

Obviously, the term has become charged in the past couple of years with
the targeted office vulnerabilities attacks, WMF, ANI, etc.

We require a term to address these, just as much as we do "unpatched
vulnerability" or "fully disclosed vulnerability".

What other such descriptions should we consider before proceeding?
non-disclosure?

Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: [Full-disclosure] 0day: PDF pwns Windows
    ... This one time, at band camp, Thor (Hammer of God) wrote: ... security engineer who listened to too much Harry Belafonte while working ... vulnerability is disclosed. ...
    (Full-Disclosure)
  • [Full-disclosure] defining 0day
    ... security engineer who listened to too much Harry Belafonte while working ... all night on a drink of rum. ... vulnerability" or "fully disclosed ...
    (Full-Disclosure)
  • Re: [Full-disclosure] 0day: PDF pwns Windows
    ... the original term "O-Day" was coined by a dyslexic ... security engineer who listened to too much Harry Belafonte while working ... vulnerability is disclosed. ...
    (Full-Disclosure)
  • defining 0day
    ... security engineer who listened to too much Harry Belafonte while working ... all night on a drink of rum. ... We require a term to address these, just as much as we do "unpatched vulnerability" or "fully disclosed vulnerability". ...
    (Bugtraq)
  • [Full-Disclosure] ASP.NET cannonicalization issue
    ... Microsoft is currently investigating a reported ... vulnerability in Microsoft ASP.NET. ... Security Engineer ... in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network system. ...
    (Full-Disclosure)