Zero-day Vulnerabilities

They are always immediately patched upon discovery.

They are typically well-documented before being found.

They often exist but haven't been identified yet.

They only affect outdated software versions.

Software developers and end-users.

Researchers (good guys) and attackers.

Government agencies and antivirus companies.

Hardware manufacturers and network administrators.

Yes

No

An attack that occurs on the same day a patch is released.

An attack that exploits a known vulnerability for which a patch is available.

An attack that exploits an unknown vulnerability for which no patch or mitigation exists.

An attack that targets systems with zero security measures in place.

They are always launched from untraceable locations.

The vendor is unaware of the vulnerability, so no fix exists.

They require specialized hardware to detect.

They only affect systems that are offline.

To provide software downloads for patching vulnerabilities.

To list and track publicly known cybersecurity vulnerabilities.

To offer training courses on ethical hacking.

To sell cybersecurity insurance policies.