Hacker News
by apstls 785 days ago
The term 1day is not uncommon, not only among exploit vendors on either side of the law (in other words, selling to crime groups or selling to governments) but also among the general threat intelligence and broader cybersecurity community. It doesn’t stand out as strange at all, really. However, I don’t believe their particular definition aligns with the typical/colloquial usage of the term. It’s usually used in the more direct sense, i.e. a very new vulnerability that is unlikely to have been broadly patched.

As far as the term 0day goes, I don’t think there’s much debate or contrarian opinions to be had. The only room for argument I see is between defining it as an unreleased vulnerability unknown to the vendor versus a vulnerability known to the vendor but not yet patched, basically what this article defines a 1day as.

Either way, it comes down to nitpicking nuances of definitions of commonly-used terms. I don’t think there’s much meaningful discussion to be had.