Not trying to start an argument here but you sound very far removed from individual contributors, so maybe from your point of view it would simply look like adding it to a pile. More important than adding it to a pile is to make sure there’s systems in place to make sure OSs are patched. You wouldn’t be complaining to the IT/sysadmin guy about your servers’ vulnerability or patching schedules, you’d be talking to your cybersec department who’d have oversight. And if there’s a breach and your only defense is “I added it to the IT guys pile”, 100% you are getting fired as well.
Not trying to start an argument here but you sound very far removed from individual contributors, so maybe from your point of view it would simply look like adding it to a pile. More important than adding it to a pile is to make sure there’s systems in place to make sure OSs are patched. You wouldn’t be complaining to the IT/sysadmin guy about your servers’ vulnerability or patching schedules, you’d be talking to your cybersec department who’d have oversight. And if there’s a breach and your only defense is “I added it to the IT guys pile”, 100% you are getting fired as well.