The bit I found interesting
Reading the report one of the problems was the mailing lists of Sys Admins was out of date so when they e-mailed people to warn them of the vulnerability not everyone got it. I thought if you looked after something part of the job was to keep any eye out for announcements for said systems and if necessary pass that information upwards. I understand you cannot go patching stuff as and when you feel like it but at least try and keep them safe! Oh what do I know?