What happens when a vendor doesn’t patch its software?

Third-party ‘guerilla’ patching can be a good example of the community stepping up to fix flaws – but it could also compromise security