Why is prompt patching important?

The Equifax breach information page has some interesting root cause analysis:

  • The particular vulnerability (that the bad guys used) in Apache Struts was identified and disclosed by U.S. CERT in early March 2017.
  • The attack was done May 13-July 30.

If they had responded promptly to the CERT advisory, this whole thing might not have happened.