This is more of an update to process than the actual product itself. The current bug listing on episerver world + regular updates is useful - but it requires customers/partners to be super proactive in responding to critical updates by monitoring the site. I'd love to see notifications pushed out for critical security updates by email saying roughly: "hey, this release fixes critical security updates affecting versions x.x -> x.x, we recommend applying this at your earliest convienence."