Zero day basically means a product vulnerability is announced publicly without first notifying the concerned vendor who markets the product. This becomes an attack when that vulnerability is quickly exploited before a patch can be released or users notified. Zero day disclosure is seen by many as irresponsible. Responsible disclosure is the goal of the Zero Day Initiative. People who find a vulnerability should report it to Zero Day Initiative who will then verify it and inform the vendor. When a patch is available, the vulnerability will be made public. A reward may be paid to those who correctly identify and report a vulnerability. |