Perhaps I misunderstand what you're saying, but it seems that I frequently hear of people's systems being compromised because they didn't, for example, install security patches and the like. Because they didn't sanitise SQL queries from untrusted sources. Because of a buffer overflow. They've been written down for years, and they're still regularly used to compromise people's systems.