Patching and vulnerability scanning are key components of a security team. Not all security teams perform patching, but all security teams should be concerned that patching is being performed. In my particular organization we leave the patching to the system administrators and we perform vulnerability and compliance scans to ensure the threats are remediated and requirements are being met. What happens in the case of a zero day vulnerability? What sets a zero day apart from regular patching? Why would a security professional be concerned about the window for zero days?