As we provide software that contains 3rd party components which regularly get security patches we subsequently have to publish patches of our software that deliver these fixes. In addition to that our software itself can comprise security issues and will have to be updated.
To highlight releases that are necessary to ensure a safe operation in production we need the possibility to mark them as security patches.