Hi Bennie,
Don't really understand your question.
For security, you need to maintain your site up-to-date with Joomla and all extensions, including CB, Zoom, and plugins. This has become very true these days, with the massive hacking activity going on.
The open-source extensions being free doesn't mean that there is no need to keep the installation up-to-date, like you certainly do it with commercial sofware as well, starting with your computer's operating-system and software used. And that is a maintenance effort, specially with highly integrated websites using lots of components.
So I don't really understand the problem of JoomlaPolis publishing up-to-date plugins, and not supporting plugins anymore for old security-broken 3PD extensions.
CB 1.0.1 fixes really a lot of security and stability issues from previous CB versions, like 1.0 b4, 1.0 RC1, 1.0 RC2, and versions derived thereof, and we will continue to maintain CB at high-security levels, by reguar reviews and interaction with Joomla core team.
CB 1.0.x still supports Mambo 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4 hopefully, but if you use old Mambo versions, you need to apply the security patches as well.
Given the number of security fixes not released for mambo < 4.5.4, we will probably drop support for old Mambo version in CB 1.1.x, and support only up-to-date Joomla versions (and with best-effort, but no warranty, also up-to-date Mambo versions).
The flow of security-enhancements, bug fixes, alternated with new features versions will not stop anytime soon, and the only way to minimize your maintenance work is to not implement hacks or modifications, but to use cleanly defined APIs and plugins.
In CB core team, we are spending quite some time with other components developpers to synchronize our components and information, in order to keep the components interacting properly.
In CB testteam, you and other active testers are (or should be) spending time checking with each new release of joomla, mambo, and integrated components with CB.
E.g. You know that e.g. Joomla core team releases us early beta and RC versions of each stable release to check for backward compatibility, and that 3PDs interacting with CB are part of CB testteam as well, exactly for same reason.
If you are talking about updating Zoom, you should check Zoom's forum. And you should really upgrade it, as latest Zoom version is also security release. I'm sorry that you got problems with updating a very old Zoom release to the newest one, but I hope that you will find a way to test the updates on local test-server first, before applying to production server. You may also consider hiring some help to do the update. Maybe on old mambo forge, you may find intermediate versions of Zoom, to do a step-by-step version-by-version update. Hopefully this may work (it should, as it worked for admins having updated readily their Zoom, as the releases came out).
Hope this clarifies a bit your concerns, if I understood them right. You are very welcome to contact me anytime if this isn't the case (just go to Contacts page of this site, or user profile of CB testteam site, and press email
.