In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as:
- The team maintaining the project
- The users of the project
- Vulnerability researchers
Vulnerability researchers are the good guys – people who won’t take advantage of the vulnerability for their own gain and who will exercise responsible disclosure.
Let’s illustrate this concept with a small example.