The most serious security flaws usually do not stem from missing patches. There is no patch for bad judgment. Because of the potential for patches to cause problems, we often hear people say that they will not install patches because they cause instability. Well, keep in mind why patches are issued in the first placeto prevent exploitation of some security issue.
NOTE: If you think patching makes a system unstable, try getting yourself hacked. That tends to be even more destabilizing! Go back and re-read the section in Chapter 2, "Anatomy of a Hack: The Rise and Fall of Your Network," about how to get an attacker out of your network. That should put the cost of patching into perspective.
Most attackers are not very good system administrators. Relying on them to keep your systems stable is a losing proposition from the start (not to mention what it takes to clean them out of your system).