Re: "The patches are sent out as and when necessary"
"So if there are enough Linux world patches to fill a monthly roundup"
The point is that there aren't. A while back when we had HeartBleed etc there were a good few security patches and a lot of activity following the story you broke on Intel leakage. There are probably a lot of patches come through on bleeding edge distros but for the likes of Debian stable releases not much which suggests security patches are few and far between. Now does that mean that either (a) people have reverted to neglecting such things or (b) development practices have moved on and security has become part of the initial build? Whether or not you think there's scope for a story in there there's certainly scope for comment.