Therein lies the problem. Waiting for exploits to be developed, before releasing fixes is reactive. More proactive code auditing could reduce the number of zero-day vulnerabilities.