
I'm not meticulous either. I had one responsible disclosure and a few times where I noticed issues myself but never that an attacker discovered it first. There's not that many malicious people. The only scenario where you realistically get pwned is when there is a stable and automated exploit for a widely spread service that can be automatically discovered, something like Heartbleed or maybe if a WordPress plugin has an SQL injection or so.

Run unattended upgrades, or the equivalent for whatever update mechanism you use, and you'll be fine. I've seen banks with more outdated running services than me at home... (I do security consulting, hence)


