@darrenpmeyer If you want to test this, look for any example of full disclosure - someone drops details of e.g. an Exchange bug on e.g. Nov 10, which is then weaponized to an exploit on Nov 11 and used to own a massive bank on Nov 12. When the news is published on Nov 13, and a patch is still unavailable, what percentage of articles, tech reports, etc. will call this an "0day" vs "1day" or more? Answer: 100% will call it an 0day. Because it's unpatched.
@darrenpmeyer It doesn't matter that the vendor knew about it when the exploit was developed or attack happened. I have literally not seen a single exception.
By the alternative "its only 0day if the vendor doesn't know about it" standard, nothing publicly published can describe an 0day, because once it's published, it's not an 0day.
But even though that's what people often *say* they want as a definition, it's not how any of us really use the language in practice.