I would say that POCs are frequently the best way, if not required to get the software vendor to take the problem seriously.

Where I have a problem is with people trying to gain fame and glory before the vendor has had chance to develop and distribute a fix. Remember that the software developers are using structured methodologies and a development cycle. This takes time.

Furthermore, responsible administrators will test the patch before rolling it out. This also takes time.

IIRC CERT give one month's grace. I guess that is reasonable.

Now, Normally a POC is written to light a fire under the ass of software manufacturers, right ?
I don't go along with that, a fair few seem to be written purely for the self-gratification of the writer, which is why they are sometimes irresponsible in releasing them early.