
Because it becomes a definition that's excruciatingly precise, but useless to almost everyone in the world.

I'm probably not the programmer responsible for fixing a bug in my OS; hardly any of us are. But we're all at the mercy of that bug being fixed. So aside from PR, there's literally no reason why I should care how long the vendor has known about it. I care how long everyone else has known about it prior to a fix being available.

If there's going to be a widely-used term for one or the other, language is going to evolve such that the term covers the latter case because we have practically no reason to care about or refer to the former.

I would also argue that you should choose a word to describe such serious flaws in such a way that the "flaw" doesn't appear to go away if nothing changes except the passage of a very small amount of time. I don't want vendors saying, "we have no zero-day exploits" simply because they waited 10 hours to make the statement.
