Do you have a source for that definition? Because every definition of zero-day I've ever seen has to do with the days it has been known to the vendor.
> A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch. It is called a "zero-day" because the programmer has had zero days to fix the flaw (in other words, a patch is not available)
So does that mean that it is no longer a zero-day after a day has passed? Or does it remain a zero-day because it first got released in the wild before vendors had any awareness of it?
Well, if you use a 0-day exploit to break into computer systems, but nobody discovers the hack, or they discover the hack but not the method used for the hack, I guess it remains a 0-day exploit...
Given the typical lead-time for an article to appear after the vendor is notified, the news begins to spread, publications take notice, assign someone to write a story, and the story appears, then you're arguing that the term "zero day" should, practically speaking, never appear in the press.
I'm not sure that's a helpful definition. It's pedantic to the point of no longer applying to any real-world situation and thus sort of pointless.
I don't have a source as reliable as Wikipedia. I base my definition on how it is used in the field of reverse engineering which I've been in for a long time. In any case, people can stick with the wiki definition. Not important.
Some words are ambiguous enough that a dictionary cannot fully describe. I think this is one of those. Second, wikipedia is a horrible source to trust for anything debatable.
It's debatable that the definition of "zero day exploit" is debatable. Do you also mistrust what Wikipedia has to say about immunization, global warming, homeopathy and evolution?
He asked "Do you have a source for that definition?" and you said you didn't have a source as reliable as Wikipedia, then attacked the reliability of wikipedia, which leaves your source in doubt. So what IS you source?
That's what he asked in the first place, and now that you're hopefully done casting doubt upon his source, you still haven't answered what your source is yet, except to say that it's less reliable than "a horrible source to trust for anything debatable". So please give us a link to your source, so we can see it ourselves.
> A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch. It is called a "zero-day" because the programmer has had zero days to fix the flaw (in other words, a patch is not available)
http://en.wikipedia.org/wiki/Zero-day_attack