The good news is that recession or no, security remains a somewhat uncuttable expense for CIOs, according to new data from Morgan Stanley Research. The bad news is that none of it will work if those same CIOs don’t patch their software. AWS Vice President Matt Wilson is absolutely correct when he argues, “It is the responsibility of the consumer of software deployed in security- or reliability-critical systems to safely patch it (among other things), or retain the services necessary to have it maintained for them.”