zero-day vulnerability

Charlie Yianni
#
min read
Back to glossary

What is a zero-day vulnerability? 

A zero-day vulnerability is a security flaw in software or hardware that the developer doesn't know about yet. Because no fix exists at the time it’s discovered, attackers can exploit it before anyone has a chance to patch it. It’s called “zero day” because defenders have zero days to prepare or respond before the flaw is used in an attack.

Zero-day attacks are dangerous because they often target systems that appear secure. Since there’s no warning or fix available, even up-to-date systems can be at risk. Once a zero-day vulnerability becomes public or is used in the wild, developers race to create a patch - and users must act fast to deploy it.

How are zero-day vulnerabilities discovered? 

Zero-day vulnerabilities can be found by:

  • Security researchers, who study systems for flaws.
  • Bug bounty hunters, who report issues to companies in exchange for rewards.
  • Worst case, cyber criminals, who may exploit them in attacks.

How can organizations protect themselves from zero-day vulnerabilities? 

An exposure management solution like Intruder produces custom-built vulnerability checks as soon as new zero-day vulnerabilities are disclosed to help organizations stay ahead. 

If you’re looking for peace of mind from zero-day vulnerabilities, learn more about Rapid Response and our Enterprise plan.

Sign up for your free 14-day trial

Try for free
Charlie Yianni
Digital Content Specialist

Sign up for your free 14-day trial

Try for free