Running newer versions is no panacea.
Most big projects have two versions anyway: stable and development (untested, beta, etc). Vendors should stick to stable version and try to avoid creation of "super-stable" version by backporting only security bugs. Reason is simple: almost noone (except very few maintainers and black hats) will look on this version. That's all.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds