Agree; Personally, I'd move quicker to apply a fix to data security than to access security.
Access security threats are much easier to mitigate than data security issues within the OS.
Some people are so obsessed with one class of security bug (un-authorised access) that its
become all consuming for them. It's almost as if "I know my data is corrupted - but its ok NO
ONE else can ever get to it" has become the mantra.
Really what is being asked for could be re-phrased like this:-
"What we'd like you (kernel devs) to do is to categorise and provide a risk profile for some
of the bugs you fix in your software. In fact we'd like you to prioritise according to our
priorities and make it explicit in your work that these threats are fixed because we believe
they are more important than anything else."
As for the "Full disclosure" argument its nuts - the code is there, its 100% transparent...
oh, wait, you want the developer to tell you about stuff YOU think is most important - maybe
the developers have decided to opt out of classification and risk assessment and just work on
improving the product...
Like all religious arguments the underlying requirement is to make someone else do something
to make the other feel better about their world.