[FatalLogic]

Yes, totally, if you want to make the best decision, then you have to keep up with the news. That's why I'm interested in other opinions about this, because there's a lot of datapoints you need to factor into a decision. It's not a simple decision. That's work, and we are lazy humans, you're right.

But, I don't wait a whole week if the update is from an organization which I think I can trust not to totally botch an update, because they're conscious of the enormous potential for costly legal liability. I'm thinking of organizations such as Microsoft, Apple, Nvidia, AMD, Google, as a few examples. I might wait 1 or 2 days in that case.

[labster]

It's more like a botched update from Microsoft, Apple, etc. will be noticed by lots of people within one or two days.

[FatalLogic]

The size of the user base is certainly an important factor. To maybe exaggerate a contrary opinion though, I'd say that users of, for example, Ubuntu Linux, are far more alert to security issues than Microsoft customers.

I'm not totally disagreeing, I'm just trying to say that calculating a confidence score for software updates is not simple. Maybe it's clearer if I give you a real-world example: I use cryptocurrencies to move moderately large amounts of capital in my business, and so my paranoia-level for software installed on the single, air-gapped laptop that handles cryptocurrencies is sky high and crazy cautious. My other business is separated from that, and I can be much more relaxed about software updates for it, because the risks are much lower.