The infamous Equifax breach (which has compromised the personal information belonging to 140 million Americans) was down to a vulnerability in an application library which had already been discovered and a patch issued months before, but the patch was never applied at the company. Why does this sort of thing keep happening? Here is a research survey <https://freedom-to-tinker.com/2017/10/04/avoid-an-equifax-like-breach-help-us-understand-how-system-administrators-patch-machines/> being undertaken to try to better understand the real-world constraints under which companies operate, with a view to making the software update process more effective (i.e. more likely to be followed).