We rely more on our firewall then patches to protect us....why well with all of the testing we *have* to do one every patch to make sure nothing breaks it can take weeks to months to roll a patch into production (and some patches can never get installed due to what they break).

A note on Slammer the *patch* was so difficult to install 6 months ago(it involved manually moving files, writing and running sql code agenst each instances ect.) that a lot of places never implemented it ...including microsoft it wasn't until slammer did its damage that they released a easy to install hotfix.