People should keep systems under their responsibility up to date.
And people should disclose security vulnerabilities.