Why? The PoC makes it easy to test your apps with tools like Metasploit. The blackhats don't care. They're going to build a sploit anyway, and they're not going to share it so we can use it to test.
There are many smaller targets and this lowers the barrier for script kiddies to an unprecedented level.
And it's one thing to detect the exploit and another to actually run it and post it on the web before people have time to patch their installations (talking about hours!).
I know this line of reasoning is tempting, but it simply doesn't hold up under scrutiny. Even scriptkiddies know where to get "sploits". The difference is, we won't get those as part of our security tool subscription, so we won't have an easy way to test. There's no hiding when the necessary patches point out exactly where the vulnerability is. Your only choice is to patch immediately. Lamenting the availability of PoC tools for whitehats isn't going to reduce your chances of being hit by a blackhat one iota.
