[pdpi]

OS and server stack updates aren’t a case of “more secure”. Somebody still needs to do that work, and you’re trading the responsibility of doing it for the promise that somebody else will (often with no visibility into how and when).

DoS is only “solved” by “infinite capacity” insofar as you’re willing to pay for the capacity. If you have any spending caps in place, you’ll be DoSed by burning through your budget. DoS protecting must happen at a lower level than that.

[guypod]

The fact OS patching is done by people whose entire job and profession is to keep systems patched matters - they are patched more often and faster. In addition, the fact servers don't live long means it's easier to patch servers (since there's no need to patch a running system). So there's a very real difference here.