Thanks for the replies.
Just wanted to understand - what about the edge cases that I mentioned - is there any way to handle those or is the only option for getting CentOS Stream security advisories is to follow RHEL?
I'm not sure what you mean by an edge cases mentioned.
The only thing I see is you asking about CVE's not being updated at the same time for CentOS Stream and RHEL. That's not an edge case, that's life.
Even if a RHEL developer tried to release an update at the same time on both RHEL and CS, it would be very hard because they both release at different cadences.
But, I'm not really an expert on the CVE stuff, so I don't have much to contribute to the discussion.
I just wanted to let you know about the official policy.