Matt Miller: Security holes have grown by leaps and bounds, but the number of in-the-wild exploits has gone down by half in the past five years. Only 2% to 3% of patched exploits are seen in an exploit within 30 days of the patch being distributed, he says. Miller: The bad guys are going for zero days, not for security holes that have already been patched. The chances of getting hit with malware by delaying Windows and Office patches for up to 30 days is tiny compared to all the other ways of getting clobbered.”]