Not to be annoying here - but fact remains, that upgrading to new versions of the kernel, also includes new features, which in turn may add more security problems, than the bugfixes solved.
There's a reason people pay RHEL to backport ONLY fixes (bugs, security etc.) - so the change becomes as little as possible - increasing the likelyhood of the amount of bugs with security impact going down, as time goes by and bugfixes are applied.