Thanks for your answer @Manoj.
I’m well aware that the security patches applied to /e/ os follow the standard patches released by Google in a monthly cycle. This is of.course well practice as one can be sure, that the system itself is always up to date and hardened against vulnerabilites in android itself.
However, if baseband software is not updated, vulnerabilites can still exist in the underlying modem software which still allows an attacker to possibly exploit the android system - even if the system itself has latest patches installed.
As far as I know, when installing or updating /e/, the RADIO (modem) and CP_DEBUG (modem debug) partitions are not touched at all. So basically, the baseband version stays the same at the point when a user switches from stock to a custom ROM and as long as he does not install patches himself.
If you check sammobile or this xda-thread ( https://forum.xda-developers.com/galaxy-s9/how-to/basebands-modems-sm-g960f-g965f-t3858990 ), you will see that new baseband versions are released regulary.
Would it be possible to implement such patches in the offical /e/-builds so that not only advanced users but everyone is able to use a fully secure device?