In part because, well, the patches don’t seem to cover all the exploits. For the gory details, look at the CVE list here. Then cut and paste the local exploits.
Even with the latest patched source, built from scratch, there are active working compromises.
With heartbleed, all we had to do was nuke keys, patch/update packages, restart machines, cross fingers.
This is worse, in that the fixes … well … don’t.
Many many years ago, I began my Unix journey on Unicos on an Cray XMP or YMP at Pittsburgh Supercomputer Center, running some code to generate MD trajectories and energies. I hated the native shell, so I pulled down tcsh, and built it. Stored it in the local small space they gave researchers. It made using the CLI tolerable.
In the late 90s I switched to bash as this is what Linux used as its default, and I was working mostly on Linux by the end of that decade.
I am thinking of switching back to tcsh (though this could be vulnerable as well, albeit to different exploits).