>A one day attack? sure if the supporting org is on their toes. Most of the time it will be weeks to months. if it is patched at all.
You should look at the CVE list that's fixed every month. Surely you agree it's important to have those exploits patched, especially since baddies can reverse engineer the patches to find the original exploits?
Yes, but they can only be analyzed, patched and distributed "After" the attack is known.
A zero day attack is where there have been zero days since the attack mechanism is discovered(by the victim, not the attacker obviously), there is no after. There is no time for a fix to be developed. When you get hit one day after the attack vector is known that would be a one day attack. if you get a fix one day after the attack that would be a one day patch. If the vulnerability gets discovered and patched before the attack occurs, then there is no zero day attack. only multi day ones on people who did not get or apply the patch.
You should look at the CVE list that's fixed every month. Surely you agree it's important to have those exploits patched, especially since baddies can reverse engineer the patches to find the original exploits?