According to Debian Wiki, Debian Testing security updates are not maintained by Debian Security Team. Is it bad?
Also, according to
https://news.ycombinator.com/item?id=21491829
Am I better off with Stable in this case?
I ran Debian Testing for years and years with no problems whatsoever. I don’t recall experiencing any breakages. No need to reinstall the OS between updates either, if you explicitly set up apt to track ‘testing’, instead of ‘insertToyStoryCharacterNameHere’.
I had Debian Testing running on my old laptop from version 5 to version 10 with no problems at all.
I was really happy with 10, so switched to ‘stable’. And since then have seamlessly updated to 11 stable.
Security updates are usually delayed by a couple of days in Debian Testing. But it’s not really a problem if you’re running Testing on a typical desktop/laptop. It’s really only a problem if you’re running DT on a server.
Because of the internet-facing services running on them, servers present a much wider attack surface for remote attackers than a typical desktop installation would.
So any servers running Debian Testing will be vulnerable to attack for longer than ones running stable.
So the upshot there is, don’t run Debian testing on a server. Debian stable will be much safer.
On the desktop, you should be fine with Debian Testing. As long as you have your firewall enabled and running, remote attacks are extremely unlikely. And even without it, you’re probably behind a firewall on your router anyway. But it’s still a good idea to have it running, especially if there’s any likelihood that you might connect your device to another network (e.g. at work, or in a public place).
And as long as you don’t regularly visit dodgy websites, or download and install any old crap that you find on the internet, you’ll be about as safe as you can possibly be from malware too, regardless of which OS you use, let alone which version of Debian you use!!