It all depends what you are looking for ...
I use docker for testing code against known configurations. Even if there is a security issue with a configuration I still need to test the code against it.
(+ add a new configuration to the test set with any security fix applied).
I'd be very concerned if tagged base images were being changed.
Once tagged that should be it. Have an update, use a new tag.
Biting the hand that feeds IT
