Information sharing and collaboration will always bring with it defects that lead to vulnerabilities, which lead to exploits, and, ultimately, to successful attacks. The real question is whether more can be done from a vendor perspective to reduce the risk exposure of these exploits, including minimizing the sale of exploits on the black market.
The CIO or CSO needs to establish strong relationships with security researchers and vendors. A relationship with the research community can help a CIO understand risks within a specific environment. A relationship with the vendor community helps keep the vendors grounded in the business realities of building secure solutions. A great way for the CIO/CSO to stay connected with the security community is to participate in some of the leading security groups. Here are two worth considering: