A Zero-Day exploit refers to the initial vulnerabilities that are present in every piece of software that is released. These are flaws in the code that either haven’t been discovered or are so recently discovered that there hasn’t been enough time to develop or deploy a a patch.
Programmers who specialize in exploiting these flaws race to be the first to discover these holes. Frequently, the discoveries are made by freelance developers. Though they may not have malicious intentions, they are commonly called hackers. Why is the competition to find and publish these exploits so intense? Some would say that it is to work for the greater good, making consumer software safer. Perhaps that is part of the equation. The greater part of the equation is money.
The government’s aim is to prevent the potential loss of data or revenue before it happens. It’s an attempt to safeguard the software and systems they’re using. Security software companies aim is to be viewed as an industry leader to build consumer confidence and promote their product. For the individual hacker the windfall can be enormous. Deals have been made that pay hundreds of thousands of dollars for zero-day information. The Government has gone as far as to have third parties that will protect the anonymity of the discoverer. For those who wish to become famous or secure legitimate job offers there are conferences and programs from companies like Apple and HP that allow sharing openly. The pay isn’t as high initially, but the long term benefits may outweigh the secrecy and competing for the next big find.
