Forever Day Bug

What Does Forever Day Bug Mean?

A forever day bug refers to a known software bug that a manufacturer has no intention of patching. In most cases, instead of publishing a patch that fixes the vulnerability, the vendor simply adds some steps to user manuals explaining how to deal with the threat. However, this is not considered an ideal method.

The U.S. Cyber Emergency Response Team (US-CERT) regularly provides security bulletins that include vulnerability warnings for control systems. However, many system vendors neglect these warnings and refrain from developing ideal patches.

Forever days are also known as iDays or infinite days.

Techopedia Explains Forever Day Bug

These kinds of vulnerabilities are generally found in control systems. For example, Stuxnet exploited a similar kind of vulnerability to attack Iran's nuclear facilities.

Most manufacturers claim that their intention is not to create patches for forever day bugs because of when they are found in legacy products. Another reason is if a product is close to the end of its life cycle, putting time and effort into creating a patch at a later stage can be a waste of money and resources.