Charging for bug fixes can also be seen as protection money: "Nice security holes you've got there, it'd would be a shame if anyone were to abuse them."
And no software vendor would like to categorize bugs as security related or not, or maintain and test all combinations of old releases plus security patches applied. The easiest is if all customers stay on top of tree.
And no software vendor would like to categorize bugs as security related or not, or maintain and test all combinations of old releases plus security patches applied. The easiest is if all customers stay on top of tree.