I blame black hats. If it weren't for viruses and exploits there would be a lot less pressure to keep things updated. Remember how much flak Microsoft got for vulnerabilities pretty much ever since Windows got a networking stack? Meanwhile academic networks got along fine for decades running on unencrypted NFS/NIS.
The black hats keep the developers releasing new versions, and the product and marketing teams keep a list of "features" and "improvements" to slip into every new version. Coincidentally most of the bugs and security vulnerabilities are caused by these new features and improvements. It's a vicious cycle.
