Re: defining 0day

On Wed, 26 Sep 2007, Charles Miller wrote:
> On 26/09/2007, at 5:02 AM, Gadi Evron wrote:
>
>> Okay. I think we exhausted the different views, and maybe we are now able
>> to come to a conlusion on what we WANT 0day to mean.
>>
>> What do you, as professional, believe 0day should mean, regardless of
>> previous definitions?
>
> As a professional, I would be happy to see terms like '0day' banished from
> the lexicon entirely. It's an essentially meaningless -- all third-party
> exploits are zero-day to _somebody_ -- term of boast co-opted from the warez
> scene, and we can do perfectly well without it.
>
> Quibbling over its precise definition seems a ridiculous waste of bytes.
>

It would if we are to stay stuck in our niche, but you need to remember - security is about niches, we are all experts -- but in very specific fields.

These past 2 years we faced multiple targeted attacks with previously unknown vulnerabilities. We experience MASSIVE exploitation of users with 0days used on web sites and ine mail, etc.

As an industry, as professionals, it is time to get our act together on the basics.

I am operations manager for ZERT, and for me, this is indeed at the very heart of the matter. How you define this silliness is directly linked to how you do two of the most essential parts of security:

1. Vulnerability disclosure - for researchers.
2. Incident response - for.. responders.

If a vulnerabiliy is fully disclosed, unpatched, being actively exploited, etc. caused real confusion, and non of us, or any of the written material, can agree on the basics.

It's not about fighting on what 0day means as much as it is about how we as an industry, a community, conduct ourselves and can reach a common language, which directly impacts operations.

So, if WMF was disclosed today after being actively exploited itw for a while, what would you call it? How would you respond to it? How long would it stay unpatched and when will you realize its importance?

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

> C

         Gadi. Received on Tue Sep 25 17:59:23 2007