His argument seems to be that the bad guys will "reverse engineer"
the patch in order to "discover" the vulnerability it was written to fix.
I saw it differently.. Just because a patch has been released dosent mean that there isnt a hole still in the system.. The Coder will be looking for a weakness, or an overlooked weakness, that still exists or an extra weakness introduced by the modified code. Isnt this among the reasons that Sys Admins will test patches and updates before rolling out on a network?

I regularly encounter systems with Virus infestations, the clients first complaint is "BUT!! I HAVE ANTI VIRUS", that is like "BUT I HAVE PATCHED MY SYSTEM", If your expecting one or 2 of the safe methods to protect the integrity of your network your a bloody fool.. And even when you follow all the steps, you cover all the bases.. IF YOUR NOT VIGILENT YOUR NOT SECURE.. the best , IMHO, you can expect is 99%.. (and that is with an excellent staff training and policies in place)..

Here is a Question.. Knowing where your weakness lie, the best guide to securing your network.. Myth or a good fact?
And: What would you consider the top Ten USer Myths for PC or Personal information Security? (yes that can be seen as a double question..2 lists?)