Richard Bucker

Zero Day Exploit

Posted at — Jan 14, 2013

I’m thinkin’ that most people do not understand what “Zero Day Exploit” means. Of course Wikipedia has a good (read general) explanation; however, it is so general that just about all exploits are going to be a zero-day exploit. Frankly the name is meant to be inflammatory and does not really address the topic.

“…developers have had zero days to address and patch the vulnerability”

So basically ALL exploits are zero day.

Just because company “A” releases product “B” and immediately gets a bug report does not mean the bug was found that day. Especially for open source projects.

Some years ago there was a hacking contest. The winner was able to penetrate the target system in a few minutes; however, the system’s source code had been available for months in advance of the competition. So what really makes him the winner? I dunno.

So while Java is becoming less and less desirable as a platform… what does it all mean?