funsec mailing list archives

Re: [cisspforum] REVEIW: "Zero Day", David Baldacci


From: CP Constantine <conrad () 1211 net>
Date: Tue, 31 Jan 2012 17:07:15 -0500

On 01/31/2012 04:41 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> At one time, in information security terminology, "zero day" meant a
> measure of difficulty or vulnerability.

err, no it didn't.

At *one* time, "zero day" meant that you'd acquired and were trading
pirated software that had been released that same day (it was
"zero-day-old warez")

later on, it got repurposed to indicate an exploit that had never been
used before (the exploit was again, zero-days-old)

(you'll notice a trend here, things can only be called 'zero-day',
precisely once)


> That meaning has been largely
> destroyed by overexposure in the media.  Today it simply means "we
> want to scare you."

the meaning you use here 'difficulty or vulnerability' is part of that
overexposure, as the original meaning has been taken up by vendor
marketing teams and been stretched to mean all sorts of nonsense things
- including 'a measure of difficulty or vulnerability'.

It means "zero-days-old" .. any other meaning whatsoever is purely a
fabrication by people that didn't know the original meaning in the first
place.

(Rob, I kinda feel bad about ranting to you on something that's a matter
of security history, since you've, well, obviously got seniority on me
in this regard: however the appropriation of 'zero-day' by the industry
as an utterly meaningless term is one of those 'if you're not part of
the solution, you're part of the problem' kind of issues to me)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

