If your system is secure, updating it can only make it insecure. If that is your one and only priority, you have to review updates before applying them, and since you have thoroughly investigated your entire stack up to this update and that version also has your real-world testing behind it, you’re probably not going to apply most updates until some other priority comes along or you discover a previously unknown vulnerability.
I mean, yes, if you can guarantee that all your software stack in 100% secure. In reality this is unfeasible on even mathematically impossible to do formally (reducible to the halting problem). So while bugs keep being found in things like the Linux kernel (naturally, nothing is immune to oversight), and they’re always going to be, keep your software up to date.
If your system is secure, updating it can only make it insecure. If that is your one and only priority, you have to review updates before applying them, and since you have thoroughly investigated your entire stack up to this update and that version also has your real-world testing behind it, you’re probably not going to apply most updates until some other priority comes along or you discover a previously unknown vulnerability.
The Internet has been an adversarial environment since at least 1988
Thanks to recent AI advances, new security vulnerabilities are being found at a crazy pace in all layers of the stack, from firmware to GUI.
I mean, yes, if you can guarantee that all your software stack in 100% secure. In reality this is unfeasible on even mathematically impossible to do formally (reducible to the halting problem). So while bugs keep being found in things like the Linux kernel (naturally, nothing is immune to oversight), and they’re always going to be, keep your software up to date.