>A common misconception IMO is that running and owning your own infrastructure is somehow more secure.
If done properly cve-s don't matter that much. You create a headscale install on a pi and the headscale port and your router's ssh (key only) are the only things visible from the outside. Take any other than a home router - aka something with support. And you are done.
I think it depends on the CVEs and where they are. If it's a software vuln that requires root or some other complex prerequisites then w/e. But, if we're talking about low level problems in either the OS or network layer (e.g. firewalls, routers) then big clouds are most likely going to have that patched and rolled out more quickly IMO.
If done properly cve-s don't matter that much. You create a headscale install on a pi and the headscale port and your router's ssh (key only) are the only things visible from the outside. Take any other than a home router - aka something with support. And you are done.