Speed at which a patch can be pushed to all clients is important..
How fast is an security patch converted into an exploit ? F-secure's @ TimoHirvonen did a study and came with this example to document a time-to-exploit timeline. â€¢ 2012-08-14: Security update available for Adode Flash player, patches vulnerability CVE-2012-1535. ( Security update available for Adobe Flash Player ) â€¢ 2012-08-15: Microsoft Office Word documents with embedded Flash exploit for CVE-2012-1535 seen in the wild. ( CVE-2012-1535: Adobe Flash being exploited in the wild , CVE-2012-1535 - 7 samples and info ) â€¢ 2012-08-17: Exploit is added to Metasploit Framework â€” a public, open-source tool for developing and executing exploits. ( Adobe Flash Player Exploit CVE-2012-1535 Now Available for Metasploit ) Took just one day for it to be converted into an exploit. In other words, it is not enough to release a patch. What matters now is how fast can all the clients can be updated after a patch is released.