I see a consistent definition for the arguments of others: "You have zero days until this can and will be exploited. You have zero days until you need this patched."
A zero day starts with it's exploit or public disclosure and ends with a released patch. It's not a zero day for private disclosure.
For clarity: "private disclosure", even to the vendor, doesn't mean anything. At the point a vulnerability is publicly disclosed, patch or no patch, users can mitigate it (if only by ceasing their use of the affected software). "Zero" refers to the interval elapsed since the public, meaningful, disclosure of the vulnerability.
If I find an RCE in Cisco IOS and report it Cisco, who sits on it for a few dozen months, and you later find the same RCE and circulate it amongst your friends, who exploit it, your friends are exploiting a zero-day vulnerability.
A zero day starts with it's exploit or public disclosure and ends with a released patch. It's not a zero day for private disclosure.
Edited based on child comment about clarity