Information isn't supposed to stay in the Cabal for long. If you want 6 months (or, more typically 5 years) to fix a serious vulnerability, you shouldn't get any kind of useful protection.