What makes you say that? It's no different than things were in 2003...or 2002...or 2001 (Nimda and Code Red, anyone?) or 2000...1999...1998...et cetera, ad nauseum.
Huh...and Steve Ballmer says everything would be fine if security researchers would "just be quiet."
He actually makes a very good point. Security researchers would be doing a much greater service to society if they submitted their findings to Microsoft for private correction so that the patch could be released before the public was even aware the hole had been found. That way, you got the patch before any of these foreign hackers were attacking you.
And it's always these foreign "security firms" that open source the exploit if not the viral code itself to the general public leaving Microsoft in a "you have to be kidding, who are you supposedly helping here" position, one that certainly seems understandable.
However some feel that the open source release of viral code before notification of Microsoft or other vendor is a positive thing. There are as we've come to learn those that wish as much ill harm on Microsoft as possible, and there is also a group that feels the virtual terrorists are already pulling out all the stops to get viral code in effective use by open sourcing it to the internet, but that ultimately that has helped the overall security of the internet by already requiring the fastest possible responses to emerging threats.
I disagree with anyone who supports publicly releasing exploits much less open source code of viral technology before vendor notification, as they are crossing the line between being a white hat hacker and a black hat one.