>"There are established market places for information like this, which wouldn't be the case if it all came from public disclosure reports."
I think the main effect of encouraging quicker public disclosure will be to reduce the value of a known loophole. With companies quietly sitting on bugs, they create a black market for known exploits: so if I were to discover a vulnerability, it is probably in my interest to sell it on the black market, and the longer the bug goes unfixed the greater (hopefully) my return.
With public disclosure, however, we significantly increase the exposure of a bug, making it much easier for "script kiddies" to hack something together "for a laugh" (remember the early PC viruses?).
Additionally, just as we've seen with services such as Virus Central, a public list permits the holder of an exploit firstly to assess whether anyone else has discovered the exploit and secondly to track its closure; knowing these contributes to the value, and hence the price, placed on an exploit.
Whilst the effect of this might be to make major companies such as MS et al. more proactive about fixing bugs, I suspect a knock-on effect will be both an increase in price and a reduction in the currently included service level, due to the additional costs incurred in maintenance and support.
So I think that we need to be sure that bugs are 'publicly' disclosed in a way that facilitates their distribution to those who wish to guard us against their exploitation and to those who will ultimately fix the bug itself, but discourages/minimises disclosure to those who wish to exploit the bug.