[CentOS] Trying to justify CentOS vs. RHEL

Hi all,

I'm in the process of moving all of my RHEL systems over to CentOS but the argument that fires back at me is for critical vulnerabilities for items such as zero-day exploits and such.

From what I've been reading, RHEL releases critical patches much quicker

than CentOS which makes sense since CentOS is simply a copy and when changes occur they propagate down to the RHEL clones. My question is what kind of time frame are we looking at when a vulnerability (critical or high) is announced and a patch has been released for RHEL does it get implemented into CentOS?

Thanks! Chris