Linux users online tend to get very high and mighty every time another OS has a sucurity bug. But it's a good thing for Linux hehe
That's because illuminating security vulnerabilities is VERY GENERALLY a good thing for an open source community driven software that can be more agile than closed and private code bases that are GENERALLY entrenched in a corporate structure slowed by all of the inertia inherent in those systems.
This process initiates with Linus Torvalds, wherein, he releases a new kernel and then opens a 2-week merge window. During this merge window, he pulls the code for the next release from subsystem maintainers. Subsystem maintainers send signed git pull requests to Linus either during the merge window or before
Sure. I'm not excusing it, just saying now they we know about it, at least it can get patched. Nothing worse than having a security hole going unpatched for years.