I am not sure what the benefits of your proposal are compared to the "cooldown period" way.

The releases will be delayed for the same time period, but you increase the amount of coordination required significantly and reduce user agency.

Currently we release software to the public early and let people find vulnerabilities after release. A few early updaters get burned but the rest of us are saved. This cannot go on.

One idea to get out of this mess is to use cooldowns. But this idea only works if what GP said is true: Vulnerabilities are mostly found by (paid) specialists and advanced tools and not the general user population.

My point is that, if that is true, we do not need to release insecure software. Do the magic before the release and no one gets hurt.
