Linux Kernel doesn’t differentiate between security bugs and other bugs, which is the main complaint here I think. They have the same process.

So the issue is bigger than the mishandling of a single issue, it’s a fundamental process issue around security for one of the most impactful projects in the entire space.