Hacker News | journal's comments

Set up a payment plan to repay the national debt

Explain what it means along with your statement. Maybe I have the wrong definition too.

(not op)

If a security bug is exploited in the wild, it's an n-day if it's been first exploited n days after the publication of the bug, and a zero-day if it's been exploited before or on the day of the publication.

When a bug is not yet exploited in the wild, it's just a discovery of a bug, not a zero-day.


Even that's revisionist.

Originally a zero-day exploit was one that was found by crackers on the first day of release of a software product. Like finding a licence crack for a new Microsoft program on the day it went on sale.

There used to be fierce competition to find such an exploit within those 24 hours, and great kudos for those who did.

Nowadays a zero-day can apparently be found years after release, which makes no sense.


Does "publication" refer to the software or to something documenting the existence of the bug? Because I thought zero-day meant the bug was exploited the same day the software containing the bug was released, but your phrasing sounds like if you exploit a bug before the maintainers know about it then it's a negative day.

I did so in the other reply thread of the comment you replied to.

> [Z]ero-day specifically compares when the white hats (vendors, system owners) and the black hats learn about the existence of a vulnerability. If white hats learn that a vulnerability exists by being subject to an in-the-wild black hat exploit of it, then it's a true zero-day.

And, again, you need to be aware that the vulnerability is the flaw or defect in the software or system (e.g., buffer overrun), and the exploit is the specific methodology that takes advantage of it (e.g., worm, malicious web request from a botnet, etc.).

Some people differentiate between a zero day vulnerability and a zero day exploit. I don't really find that is common anymore, and essentially everyone using it means zero-day exploit.


yea, but people now have more money.


Use that model in production that gives you acceptable answer 1000 times in a row.


He's taking a lot of heat. Leave him alone.


Would it ever diagnose incorrectly to save more lives? Kinda weird an AI would decide who dies so others may survive, but I guess whatever.


Not only should AI misdiagnose to save lives, but a human should too. You walk in with symptoms that most likely are a harmless virus that clears up on its own or 5% of the time are a deadly bacteria. The correct course of action is to try to test if it is the 5% case (most often the wrong diagnosis), not send people home because they are most likely fine. Many cases have a similar low but not 0 risky diagnosis.


Right? I keep telling people that Titanic wasn't a documentary, it was an instruction manual for the future. Look at the deleted scenes. You don't lack the ability to understand your situation, you simply lack the information required to understand how hopeless you are. Poof, and this comment is gone.


I keep telling people but no one will listen to me that these things are not sustainable and no productivity can be gotten from using these tools. You must compose your context and consume every bit as much as you are able. These agents and other things operate like a casino throwing tokens sometimes getting it right, but you will not make any meaningful progress unless you learn to control context and snowball the conversation. It's a more complex iterative process for which there is no subject. This is a far more advanced level of programming allowing us to make bigger systems less complex. There are unusual ways of using this, yes. We're looking at pricing well above $10,000 / year, call me crazy you will until you'll suddenly stop when you realize I was right. There's only one way, total context control and a simple interface. I had to create a simple interface because the tool I was using released an update and I couldn't wait. So you'll all end up using something similar to what I made, with ChatGPT, to then use the API directly. Combined with VS Code makes for a very easy, natural way of consuming tokens and generally working with this. You can just assume the file is prompt.md, that you have such a file in every directory where you intend to execute the command and make it available at path.

When you ALL were paying for subscription I was paying for API costing me much less than subscription, being less stressed, knowing I don't have to worry about fog of context.

I see it now, it's not sustainable. They've signed contracts they can't get out from and we're gonna have to pay, with blood, gold, or in this case, quality.

You will pay, you (we) will all pay for their debts.


He's like Tiger Woods of social media. Can you imagine him doing anything else?


Apple provides various obstacles for different reasons.

