
I like the analogy, sadly, it's not always possible to keep the
security patches up to date due to the problems with the basic software.

One place I worked at we had a secure gateway that was accredited by the Department of Defence. Every time we made any changes to the operating software on the gateway, we had to get them back to re-accredit the gateway; also, it took days to re-harden the server involved - luckily, this ONLY applied to one brand of OS that some clients insisted we used, as it was the ONLY one that ran their preferred mail server. Of the dozen servers in the gateway, this was the only one of that brand. (PS. No points for guessing which brand of OS.) The result was we only applied patches to that server once a quarter, or less - if we felt they weren't that critical; many of the patches issued were for services that were disabled during the hardening process.

We were able to get away with this because the other servers were of different OSs and didn't need regular patch upgrades; one every six months or a year was the usual schedule for them. We also did all we could to restrict communication with the difficult server: it had a router in front of and behind it, and they only allowed traffic on specific ports and to specific other servers - so it wasn't all that vulnerable, but it really caused heartaches with the constant patches being released.

..........

Taking this to your analogy, it's like locking the car and leaving the windows down because the electronic window closers didn't work properly, whilst having the car in a locked garage with the distributor removed. Very secure, but one aspect less than preferred, due to internal issues.
Posted by Deadly Ernest
11th Dec 2009