Two meditations on software stability:
1) There is a level of panic we expect. If it were higher, we'd stop deploying to new customers. If it were lower, we'd deploy new customers faster until the level of problems became unmanageable.
2) The Linux kernel is about 20 years old (!) now. It's unreasonable to expect that upgrading the kernel nowadays will cause a net reduction in bugs. If that were true, it would be virtually bug free by now. I can assure you that it is not.
ssh+2FA to all your machines, anywhere, without opening firewall ports.