Great article today from hackertarget.com
It's now 28 days after the so-called #Drupageddon and up to 57.5% of the top 10,000 Drupal websites still have not applied the patch.
"The key point in this experiment is that systems that are not regularly maintained and updated when patches become available will be a liability for your organization. Ensure you have a process in place for updating all your software including web applications and add-ons."
I think it's worth noting that Acquia and Pantheon (Drupal hosting companies) both applied the patch before the Drupal PSA announcement. I love Pantheon. This is yet another reason why.
A related article from Anthony Ferrara
"And the truth of it, is that both are correct. From a security standpoint, using a CMS/Framework is both a risk, and a benefit. Like everything when it comes to security, it's a tradeoff. Does that mean you should avoid CMS's and Frameworks? No. What it means is that you need to think and plan on how to mitigate risks.
You're never safe. If you're running a system, it's either been compromised, or will be. The key is how you deal with it."