There is an interesting thread over on DailyDave about 0day and what you can do about it.
Its far from complete, so go read the thread and come back...
Thus far Ron Gula's response is the best.
My thoughts on this is that it really depends a lot on the maturity of the environment. Most environments wouldn't stand a chance against even a crappy targeted client-side attack with public vulnerabilities. If you throw in 0day...forget about it But assuming a mature environment, I think you use 0day to test your defenses to targeted and 0day attacks.
Does one 0day totally own your network?
I think using 0day allows you to test:
Are things segregated properly enough that someone popping a shell on a workstation cant get access to "what makes you money"?
Does you HIPS/HIDS stop that stack/heap overflow? Does it stop you from putting new binaries on the box for post exploitation?
Is your AV worth anything? How long before 0day(that eventually becomes public) becomes an AV alert?
Does your network IPS/IDS detect or block the exploit traffic?
Can you detect the outbound traffic? and RESPOND?!
Are your users running with elevated privileges or are your admins doing their regular work with their admin accounts?
that sort of thing...thoughts?