That Solaris telnet vulnerability that was announced back on February 12, yeah, there's a worm for it. No surprise there. But what I'm really wondering is if we can still call it a 'zero-day' vulnerability. Shouldn't it be a 'sixteen-day' vulnerability now?
Comments (2)
Hehe, 0day became the darling term last year for journalists who wanted to show off that they, too, had learned something technical. Sadly, the word got way too over-used and is sometimes spoken synonymously with "malware" now. Hell, there's even "less-than-zero-day" terms that bastardize the whole point...
Anyway, strictly speaking, I think 0day should be confined only to a vulnerability that is not patched. After a patch is issued, it becomes "you-should-have-patched-your-system-or-implemented-a-workaround-stupid-day."
Posted by LonerVamp | March 1, 2007 4:00 PM
I've come to cringe every time I hear the word nowadays. I wish I had the data to prove that this has to be one of the fastest 1337-to-marketing-speak transitions in computing security history. Is there any product that doesn't boldly say it combats 0-days on the front page anymore?
The reason, of course, of why it's frustrating is because zero-day should refer to unknown, unpatched vulnerabilities, not to known but unpatched (or poorly patched in this case).
There's a critical difference between the Word exploit that comes out on exploit Wednesday and the uber-elite OpenBSD-remote-root-straight-to-RAM-and-then-to-PCI-based-rootkit that only intel agencies have. The former you can fix even before the patch - Snort signatures, disabling Word, user education, etc. The latter can only be mitigated by a secure network posture - no matter how elite the hack, it will leave clues throughout your network if it enters. Make your adversaries think twice before using it, since the value of a 0-day is inversely proportional to the number of individuals who know about it.
As Donny Rumsfeld once said: "There are known knowns, there are unknown knowns, and there are unknown unknowns."
The true meaning of zero-days is the latter. Don't let the marketers steal and denigrate a word that so well described the risks of network computing.
Posted by Ozymandias | March 4, 2007 6:51 PM