Hacker News

Nextgrid today at 12:17 AM

Defense in depth and multiple layers of security should ideally protect against zero-days; see the Swiss cheese model of accidents for an example; most aviation accidents are rarely caused by a single factor but an improbable combination of factors.

This is why I also think “zero trust” and internet-accessible SaaS have done so much damage to the industry. Before, if your version control server has a vuln, the attackers still need to get on your VPN to even be able to scan for that vuln. Now, your version control server is on the internet and/or is an SaaS and all it takes is an exploit or a set of phished credentials for anyone anywhere in the world to get in.


Replies

awesome_dude today at 12:25 AM

> Defense in depth and multiple layers of security should ideally protect against zero-days

Absolutely agree, and that's why instant security in a can (just add water!) cannot work (as you have been saying)