As I wrote yesterday in Part 1 of this series, software updates are not an acceptable solution to security problems for many organizations that cannot shut down their systems. A great deal of software is inadequately designed and tested before it is shipped. Software companies (and open source groups) expect users to live with the consequences of their poor engineering methodologies. The software industry needs to improve its practices and deliver more reliable products.
Unfortunately, the news media have relied on quotes from a mixed bag of people, most of whom recommend updates as the best method to battle Internet attacks. CNN went so far as to publish an opinion piece from a lawyer and self-described hacker which provided this advice. I'm disappointed that CNN didn't make an effort to find a more qualified person to speak on this important topic.