Answer: Forever-Day Exploits

In computer security, a vulnerability that is attacked before the company responsible for maintaining the software or hardware has a chance to respond is known as a “zero-day exploit”. The zero-day attacks occur in the window between when the vulnerability becomes known to the company responsible for the product and when it releases some sort of patch or update to counter the attacks and seal over the security hole.

Increasingly, and to the alarm of many people within the security industry and beyond, many zero-day exploits are slowly morphing into forever-day exploits. Forever-day exploits arise when the company responsible for the software or hardware in question fails to do anything to correct the exploit.

This can occur because a product is near the end of its life cycle and the company no longer wishes to invest energy and money into maintaining it. In other instances, the company considers the exploit to be obscure enough or far enough removed from mission-critical elements of the system that plugging the hole is a non-priority. In instances where the exploit is part of the firmware of a device, it’s possible that the device cannot be patched and the exploit is permanent.

Unfortunately, as more and more systems are connected to company-wide and global networks, there is an ever-increasing chance that malicious users will be able to access devices with forever-day exploits and cause real harm.