Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.Source