ISS coins new term: "zero-day vulnerability"

Discussion in 'Anti-Virus' started by Rob Rosenberger, Dec 8, 2006.

  1. You gotta love ISS. They've coined a new term: "zero-day vulnerability."
    Quoting from their website:

    "Due to the seriousness of the 'zero-day' Microsoft Windows Media Player
    vulnerability ... X-Force analysts have published an IBM ISS Protection
    Alert and elevated the threat level to AlertCon 2. Our analysts expect
    malicious individuals to quickly develop exploit code targeting this
    issue..."

    Translated: "we expect to upgrade this 'zero-day vulnerability' to a
    'ninth-day threat'..."

    Rob
     
    Rob Rosenberger, Dec 8, 2006
    #1
    1. Advertisements

  2. Rob Rosenberger

    kurt wismer Guest

    what's so new about it?
     
    kurt wismer, Dec 8, 2006
    #2
    1. Advertisements

  3. Thanks for pointing that out, Kurt. I need to declare a mea culpa here. I
    was perhaps so focused on the hysteria of "zero day exploit" that I
    overlooked the "zero day vulnerability."

    Unfortunately, my mea culpa has smothered the issue. We now buy "pre-owned
    vehicles" instead of "used cars," and we now reveal "zero day
    vulnerabilities" instead of "newly discovered flaws." It's all about
    marketing...

    Rob
     
    Rob Rosenberger, Dec 9, 2006
    #3
  4. Rob Rosenberger

    4Q Guest

    Nah, yer both wrong thinking. *My* mates like to think in terms
    of 'minus n-days zero day programs will always have fuckups in
    their code/protocol/design so we can find new ways to circumnavigate
    the system in n+days time' ;]]


    4Q (aka DAVQ)
     
    4Q, Dec 10, 2006
    #4
  5. Rob Rosenberger

    kurt wismer Guest

    well, it's marketing that's going to bite them on the ass... i'm pretty
    sure zero-day vulnerability, while not new, is a nonsense term started
    by some mental midget who can't distinguish between vulnerabilities and
    exploits (it's sad when people describe vulnerabilities as something one
    can accidentally download, or exploits as flaws in existing code)... all
    vulnerabilities that exist existed at the point the software containing
    them was released, they all existed before anyone knew about them, they
    all satisfy the colloquial meaning of 'zero-day' at some point or
    another - it's a redundant qualifier, you might as well be talking about
    wet water...

    'newly discovered flaws/vulnerabilities' is semantically more meaningful
    and accurate...
     
    kurt wismer, Dec 11, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.