Zero Day Vulnerabilities Have No Patch Yet

When computer system vulnerabilities are discovered, patches are issued that have been designed to close the hole of vulnerability. The patches take some time to construct and deploy and even longer to get the community to accept them and install them. This always leaves a gap of some time between the discovery and when the patches are actually applied.

But even before that there is another gap of time that can be more important. The hole of vulnerability may exist for some time before it is discovered. A hole that has not yet been discovered is known as a “zero day” vulnerability. When a zero day vulnerability is first active, few know about it, usually only the ones who have it or are using it. But then over time, they are discovered and exposed and patched and the gap of time can be calculated between when it went live and when it was discovered by the security community and mitigated. Historically, these gaps have often been weeks to months and on occasion more than a year.

What is a zero day?

– [youtube.com]

Melanie Teplinsky, cybersecurity expert and adjunct professor at American University’s Washington College of Law, explains the lifecycle of a zero day: A previously unknown vulnerability in software that could allow hackers access to people’s data without them knowing.

SEE ALSO:
9 – Zero Day
Attack vs Defense on an Organizational Scale

Comments are closed.