Um... the effort I had to take to patch my linux boxes was: Do nothing. (security fixes had been released and installed before I learned of the bug).
The effort I'll have to take to patch my Mac is:
* Download a new bash.
* recompile it
* install it by hand.
(and this is assuming I already have xcode/developer tools installed).
Not quite the same level of effort.
Is the article wildy off topic? Not really - its an article about yet another instance of Apple ignoring security issues, why wouldn't a previous example be relevant?
Is your position that a software vulnerability the only type of security issue? Is your position that ignoring software vulnerabilities is fundamentally a different thing than ignoring other types of security issue? I'm confused by why you are asking.
OS X: Install xcode, install xcodetools (CLI), download bash source code from a mostly-undocumented URL (need to search through apple support forums), download and manually apply patch from GNU. Build bash, manually copy build output into /bin.
That doesn't change the version of bash pointed at by /bin/sh which is a hardlink to the OSX supplied bash. Even if you previously relinked /bin/sh to a homebrew bash, it won't change versions by upgrading the installed bash.