Hacking is a race between users and developers to understand a system. When the users get ahead, they begin to use the system in ways that the developers didn’t intend. When the developers are ahead, they are able to block misuse by testing and removing various software vulnerabilities without compromising the integrity of the program.
So considering this environment, “Exploits”, or vulnerabilities in software, are at their most valuable the moment they are discovered. We call this “Day Zero” because the *user/hacker* sees the hole but the developer is still unaware of it.
As soon as the developers learn of the vulnerability (oftentimes because it was used against them, or responsibly disclosed by “white-hats”), they begin to patch the hole, and the day counter begins. So a “day two” exploit is substantially less valuable than a “zero day” exploit because it’s already in the process of being patched against.
It takes a while to patch every single affected system, so even “Day 489” exploits can still work against a target, but are nearly worthless since the majority of systems that *were* vulnerable to it probably got patched in that time.
The zero-days are a big deal because as long as they are kept secret, they can serve as a persistent avenue of re-entry into owning a system. This is why governments get hacked all the time, because they are more interested in keeping a library of 0-day vulns for their own use than they are in helping vendors harden security against those holes, and in some cases they even legally prevent companies from patching certain 0-days in case the feds want to use them. And sometimes feds even work undercover as developers just so they can introduce 0-days for their own use! See [Goto Fail;](https://www.latimes.com/business/technology/la-fi-tn-apple-gotofail-mistake-conspiracy-nsa-20140223-story.html)