|
|
|
|
|
|
by PeterisP
2136 days ago
|
|
|
The days are counted from the release of a fix. If something been known for two years but a fix was released on 11th August, then it was a zero-day for the two years until 11th August and it's a "day-6" vulnerability today. IIRC the term was introduced to contrast with day-1 attacks with exploits developed by reverse engineering patches on the day they are released and attempting to exploit systems in the gap until they get patched. |
|
|