Defense in depth is exactly that - in depth. That means that you understand your vulnerabilities (both in terms of software and design) and you address them properly. The "properly" part comes with a whole bunch of things - use what's in the kernel, for example. Companies often do not roll out patches immediately. Stability is far more important than security for most, and rightfully so - they have their priorities. Companies also likely have a server babysitter who sits there and reads logs from the firewall and IDS/IPS. You don't have these things - you don't hire someone to sit on your router and read everything that happens, etc.

I will also say (because I believe you are on Linux) that it's a bit less important to patch on Linux. Because of the tools provided, you never really have to leave the kernel if you want security; you have AppArmor/SELinux built right in, and many services make use of those by default. You can't get that on Windows (Windows 8 may potentially bridge the gap), and users will need to go to third-party security programs to achieve similar goals. I'm not trying to make this a Linux vs. Windows thing; I'm only bringing this up because I think you are on Linux and it directly addresses your question. If you're on Windows, patching is very important because the tools provided really rely on the kernel not being vulnerable, and local exploits are easier to create the more room you give the program to work.