I run and maintain about 7 separate wordpress weblogs. Unfortunately they are always going out of date. Every two months or so I need to go through the process of backing up the database, checking for incompatibilities and doing the update. It’s extremely time-consuming (and a major reason to consider blogger or hosting at wordpress.com) I work for a company that does a lot of plone deployments; one thing about plone is that it rarely suffers from all the security updates you have in the php world. Is it really inevitable that all software is vulnerable?