In the era of sophisticated, highly targeted attacks, it just doesn t matter. All he needs is one weak spot. A six-year-old flaw in Internet Explorer or a careless employee using an open Wi-Fi hotspot is just as good as a brand-spanking-new hole in an Oracle database. The old model, in which attackers used worms or other commodity code to exploit one or maybe two vulnerabilities on as many machines as possible, is still in use for things such as drive-by downloads.
Source: https://threatpost.com/why-disclosure-debate-doesnt-matter-062410/74143/