I don't think he's spreading FUD. It's a lot of trust you're placing in a 3rd party who doesn't have the source code to patch your system. Independent reviews and A B testing would help sway a lot of people, IMO.
You can find vulnerabilities using a variety of techniques, but to properly patch them you do need access to the source code. These "updates" don't even modify the executables, so would have to be applied every time you turned on your P.C.