Sorry for the late out of context reply, but I just saw this nice thread and want to specifically question the statement that Debian is a massive issue. I should note that I don’t personally use Debian and am not attached to it in any way.
It is well known that Debian stable is (intentionally) very much behind in general software updates, but is the situation really the same for security updates?
It’s worth noting that Debian also has the Testing and Unstable versions that get updates much faster.
More generally, is there available data on the response time to security issues of various Linux distros?
I know of no such resource, but I would think that since Debian is so popular and has a lot of developers and corporate users (for example Google uses Debian as the desktop OS for most engineers),
it can’t be much behind other distros.