On 10th Aug 2024, I had a great chance to attend the Cloud Security Alliance Bangalore chapter. During the event, something very interesting happened related to the term “ZERO DAY” vulnerability.
One of the cybersecurity professionals asked the audience in a quiz, "What do you know about ‘ZERO DAY’?" Immediately, someone from the audience responded, "A Zero Day vulnerability is a security flaw in software or hardware that is unknown to the vendor or developer." The answer received support from other cybersecurity professionals.
Now you, take 30 seconds to think about whether this answer is correct. I hope you agree with it too.
But then, something surprising happened. From the audience of over 100 cybersecurity professionals, one person said that the answer is NOT 100% correct.
His answer is that:
Let's say on 20th July at 10 AM, a vulnerability was exploited. The attacker discovered the vulnerability at 8 AM on the same day, two hours earlier.
The security team found out they could fix or reduce the risk of this vulnerability by applying a small patch at 5 AM on 21st July.
This means the O-Day (Oo.. Day) vulnerability period is from 10 AM on 20th July to 5 AM on 21st July, not from 8 AM on 20th July.
However, a Zero-day vulnerability exists from the moment the vulnerability is discovered (in this case, 8 AM on 20th July) until it is exploited.
So, theoretically, there are infinite Zero-day vulnerabilities until they are exploited.
But an O-Day (Oo.. Day) vulnerability must be identified within 24 hours.”
Upon hearing this response, all cybersecurity professionals were thrilled. It was a moment that made everyone say "WOW".
Comments