Why we upgrade Drupal core automatically
In July 2011 the certificate authority DigiNotar suffered a security breach. It kept this secret for some months. After the incident became public, browser and operating system developers revoked their trust in the certificates and the company filed for bankruptcy.
A final report about this incident has recently been released. We'd like to highlight one quote:
The attacker's original points of entry into the DigiNotar network were two Web servers that hosted public websites running on outdated and vulnerable versions of DotNetNuke, a Web content management system. These Web servers were located in the company's external Demilitarized Zone.
A website should not be built, then forgotten. That's why at Xplain Hosting we update all servers regularly. And that's why we update Drupal core. And that's why via our control panel it is ridiculously easy to update all your modules, or just the ones with security advisories. Security is not an option.