Security Encyclopedia

Zero Day

Also known as a Zero-Day Vulnerability, a Zero-Day is a flaw that has yet to be identified or has yet to be addressed via a patch or a public fix.

Ordinarily, user-discovered flaws in software are reported to the enterprise using it, or to the software vendor that developed it, so the flaw can be investigated and fixed. Sometimes users, on discovering a flaw, sound an alarm and warn others on the internet (e.g. Twitter). This increases the likelihood of malicious users being among the first to learn of the flaw and quickly exploit it.

A Zero-Day attack is an especially dire scenario for a software company: because the flaw is not known in the first place, there is little warning and little in place to protect against the attack.

Zero-Day may also refer to the day that an attack exploiting the newly discovered vulnerability occurs. An exploit directed at a zero-day is called a zero-day exploit, or zero-day attack. The term is also written as 0-Day or 0-day.


"Fuzzing software is a common way of finding zero-day exploits. Intentionally malformed code or edge-case scenarios can yield unexpected results from software and that's a great way of discovering new zero-day exploits."