What's the requirement for a package to be updated?

There is an interesting discussion around the time it takes to deliver security updates in "Timely updates for NixOS".