There have been successful cases for pedestrians that used a train trestle as a walk-way, where warnings were clearly displayed, and a fence had been put in place, but the railroad failed to ensure repair of the fence. The warning sign was not considered adequate. Would this relate to trespassers that use an invalid copy of an OS refused patches? Would this be similar to not repairing the fence? Clearly the pedestrians are trespassing, nevertheless the railroad remains responsible for the safety of their enterprise.
There is a huge difference that everyone seems to keep ignoring. Most of the defective software issues we're talking about here cause no damage until a knowledgeable person with malicious intent knows the 'defect', specifically intends to cause harm with it, and uses the defect specifically to cause that harm. This, unfortunately, makes it more analogous to the 'defect' in a gun that a criminal can use it to do harm just as an honest person can use it to prevent harm. Of course, it also makes it analogous to a gun that, when you point it at a criminal, the criminal can make it blow up in your hands. DS