What you seem to be asking for is a way to somehow classify bugs and fixes in the kernel tree as "security related" or not.
Actually it seems that there is a classification done - fixes that do get into the -stable tree, and fixes that don't...
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds