After another long week of dealing with "upgrade now or die" vulnerabilities, I'm wondering... Is there data or analysis that would help me quantify the risks of waiting (while I plan and evaluate and test) vs. doing immediate software upgrades?

With many router vulnerabilities, exploits are in the wild within 24 hours. But how often are they used, and how often do they cause actual network outages? There have been several major router vulnerabilities during the last 2 years which have provided a reasonable data sample to analyze. Can that data be used to create a more accurate risk-analysis model?

The risk of outage is very high (or certain) if I jump into upgrading routers, and the quicker I do an upgrade, the more likely I am to have a serious, extended outage. However, this is the only choice I have absent information other than "every second gives the miscreants more time to bring the network down."

If I delay doing the upgrade, using that delay to research and test candidate versions, carefully deploy the upgrade, etc., I reduce the risk of outage due to bad upgrades, at the expense of increasing the risk of exploitation.

I'd love to find the "sweet spot" (if only generally, vaguely or by rule-of-thumb), the theoretical maximum upgrade delay that will most reduce the risks of upgrade outages while not dramatically increasing the risks of exploitation outages.

Ideas? Pointers?

Pete.