You buy a car and as you're driving along a message comes into the dashboard: "Car Update needed, to fix A/C" you ignore it. Don't update it who cares, you're driving smoothly. Another alert comes into the car dashboard: "Critical alert, your breaks need this patch"... You ignore it and drive along. 5-10 years later the car manufacturer EOL's the car and support for it. You crash... Who is to blame, the car manufacturer or you for not applying the updates. Granted the manufacturer could have given you a better product, the fact remains, it is what it is.
Unfortunately in the software industry you get (when you do, not always) the alert and the patch after the fact, ie the exploit has been already out there and your machine may probably have been already compromised. I never seen any operating system coming with a sign saying "Use at your own risk", why when I buy a piece of software I have to assume it to be insecure, and why I have to spend extra money on a recurring basis to make it less insecure, when there is no guarantee whatsoever that after maintenance, upgrades, patches and extra money my system will not get compromised because a moron forgot to include a term inside an if before compiling. Insecurity and exploitable software is a huge business. I don't expect software to be 100% safe or correct, but some of the holes and issues are derived form bad quality stuff and as car manufacturers the software producers should have a recall/replacement program at their own cost. My .02 Jorge