by _wmd 2846 days ago
I don't know what communities you hang around, but there has never been some strict definition of 0day in infosec. 0day colloquially applies to anything circulating that didn't follow reasonable vendor disclosure, as was the case here.
2 comments

The problem with that definition is that sometimes there is mitigation you can do before the vendor can get a patch out and that effectively counters the problem.

It also isn't reasonable when the vendor simply won't or can't patch it (because they've gone out of business). To have it be labeled a zero day forever because the vendor doesn't exist is silly.

I have followed "public knowledge" as the key factor because IT systems in production are complex and some companies actually do defense-in-depth and sometimes vendors are shit.

Using zero day excessively leads to alert fatigue IMO.

What? First time I hear of it. Not infosec, and yet I was under the impression for years now that in colloquial usage, "0day" means "exploited before the problem was known publicly". It stops being a 0day after any info about it hits the press/social media.
A cursory search ( https://www.google.co.uk/search?q=%22patched+zero-day%22 ) reveals many industry sources misusing it following that definition. How can a 0day ever possibly be considered "patched" if the vendor had no knowledge of what the patch is for? etc.
Once a zero-day, always a zero-day IMO.
What is it called the day after you are aware of it? Zero day still? That makes no sense.
It makes sense if you think of the identifier "zero day" as a sort of birth-identity.

As far as I'm aware, 0day refers to having zero days of notice to fix the bug. That doesn't change the day after it comes out; it's still zero days of notice.