by zaarn 2849 days ago
Well, it's not that there is nothing being done. You're distributing the patch.

You don't have to go yelling about the fact you're distributing a highly important security patch; that only draws the attention of the bad guys.

Wanting to distribute such patches as low profile is a valid choice and is not "doing nothing and waiting for people to exploit it".

1 comments

If you are a hacker, it is not improbable that you are keeping tabs on updates for high profile software like Fortnite. In that case, doing things "low-profile" gives bad actors an edge.
Even if you keep tabs on it, would you inspect every single update that comes out or would you rather inspect the ones labelled "security updates"?

Low-profile means what it says on the tin; make it sound so boring that hackers are less likely to attempt it.

Plus being low profile reduces exposure to people who only look for high profile stuff.

And plus "not improbable" =!= "fact".