One surprising finding from Nemertes’ recent security research is that, the more critical a server, the longer it takes to get patched. Not only are most critical servers patched manually (slower but safer) but patches also need to be subjected to rigorous testing so as not to cause disruption. As a result, security professionals are faced with an uncomfortable dilemma: leave the server exposed to hackers or expose it to potentially damaging patches.