Interesting question, right?
I've stumbled over this again and again in the last 10 years. Spreading knowledge as an effective defense might work in some cases, but in others it'll give bad actors "good ideas", maybe?
We live in a world where the contradictions are immanent everywhere. We've got all the info and stats on digital hygiene and patch discipline on the one hand, and PoC exploits might be very helpful to some bad actors out there as well.
Pressuring the market to comply with patching needs and other mitigation tactics by publishing PoC exploits works for the most part. At least for those organizations that have a mature ITSM in place.
Others, especially in the SMB arena and sadly even in many government services, can't seem to keep up with those needs and often fall short and prey to the threats out there.
It's a dilemma that'll be with us for the foreseeable future, I'm afraid.
I've just read the following article and poll about this, interesting!
So, what do you think? Is it better to put it all out there so that people can protect themselves by putting in place the needed mitigations, or rather weigh the likelihood of such an exploit being used against "us" before publishing?