This can be said about any platform, regardless of the language.
Why are the updates even necessary? If you are still on Rails 2.3.8, you aren’t getting hacked just because you didn’t move to Rails 3 yet. But the situation with Wordpress & its ecosystem seems waaay less secure by default.
> This can be said about any platform, regardless of the language.
Not to the same degree, no sir.
A fair comparison would be Drupal, Joomla, vBullentin - anything of that nature - which all regularly release updates.