Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is the word zero-day here superfluous? If they were previously unknown doesn't that make them zero-day by definition?


It's a term of art. In print media, the connotation is "vulnerabilities embedded into shipping software", as opposed to things like misconfigurations.


I think it's a fairly common trope in communication to explain in simple terms any language that the wider part of an audience doesn't understand.


I though zero-day meant actively being exploited in the wild before a patch is available?


Zero day means that there is zero days between a patch being available and the vulnerability being disclosed (as opposed to the patch being available before disclosure).


Discovering a zero day implies that there is no patch, but the term is talking about how long the vendor has known about the vulnerability.


Yes. As a security researcher this always annoys me.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: