Even that's revisionist.

Originally a zero-day exploit was one that was found by crackers on the first day of release of a software product. Like finding a licence crack for a new Microsoft program on the day it went on sale.

There used to be fierce competition to find such an exploit within those 24 hours, and great kudos for those who did.

Nowadays a zero-day can apparently be found years after release, which makes no sense.

Does "publication" refer to the software or to something documenting the existence of the bug? Because I thought zero-day meant the bug was exploited the same day the software containing the bug was released, but your phrasing sounds like if you exploit a bug before the maintainers know about it then it's a negative day.