My understanding, zero day means when the exploit was discovered it was already being used in the wild. This is different from an exploit discovered by a bounty program or by security researchers.