views:

619

answers:

6

Does "zero-day" or "0-day" (in context of software vulnerabilities and exploits) refer to the software release, or a particular type of exploit?

[I did not find an answer to this on SO. Though it is answered elsewhere on the Internet, my understanding of SO is that it's okay to ask/answer basic questions]

+4  A: 

Wikipedia has two entries which are relevant:

Jon Skeet
Wow, the world must be comming to an end, I beat Jon Skeet!!!
Unkwntech
;-) Not to diminish your Nice Answer, but in the past 24 hours he answered well over a dozen questions, to your 4 (approximations - I did not count carefully). Kinda like one of those chess grandmasters playing a couple of dozen people, one of whom does well... He's a force of nature.
Argalatyr
+1  A: 

See http://en.wikipedia.org/wiki/Zero_day_attack.

Bob
+13  A: 

Simply put it means that it [the exploit] was released before the company was notified, and had the opportunity to fix it, because the company had 0-days of notification.

Unkwntech
Here's another relevant link: http://what-is-what.com/what_is/zero_day_exploit.html
Argalatyr
+1  A: 

A zero-day vulnerability or attack means that an exploit has been found active in the "wild" without being announced or the developers notified.

Collin Price
+1  A: 

A zero-day exploit or vulnerability is an exploit for a bug that is not known to the general public (i.e. no patch was released for it).

+1  A: 

Three major uses of "Zero Day"

I personally was aware of the third sense before the other two.

Jeff Warnica