Zero day is a serious misnomer from vendors that suggest that the counting
of time an exposure is known BY THE GOOD GUYS is some kind of trigger date
when in reality, many serious exploits are know BY THE BAD GUYS so the day
zero is really months or maybe years prior to the disclosure or notification
date. Look at the WMF vulnerability that caused a mad rush to patch it once
the good guys were put on notice. In this case, the vulnerability had been
present in Windows products since the early 90s and according to Kapersky
Labs there was even malware being sold that took advantage of it long before
there was even day zero notification.