Just yesterday, cperciva was bragging about the FreeBSD approach to security: https://news.ycombinator.com/item?id=48056853 You can certainly argue the response here was well-coordinated, but having an LPE in a nearly 50-year old core syscall like execve() isn't ideal from a security perspective. (That is: security response isn't the entire picture; culture and bug surface matter too.)

-p8 is the current patch level for 15.0-RELEASE so if people have been keeping on top of patching this is already two reboots in the past.