Researchers looked at period of malware activity on a host of Symantec detection platforms from 2008 to 2011. They quantified window of exposure organizations face from attacks that are active before vulnerabilities are publicly disclosed. Researchers found 18 zero-day vulnerabilities starting in February 2008 to the end of last year: three in 2008; seven in 2009; six in 2010; and six in 2011. Fifteen of the zero-days targeted fewer than 1,000 hosts, while the other three (Stuxnet and its variants) infected hundreds of thousands of machines before being detected.
Source: https://threatpost.com/zero-day-attacks-thrive-months-disclosure-101612/77118/