I am unable to understand how that can be. Security patches will be released last of all for CentOS Stream so by design and policy, it will have deliberate exposure not only to zero day but also to 0+n day vulnerabilities. Can a vulnerable server, which has a documented exploit freely available in the public domain, be used in production environments?
The writing is on the wall. I quote from https://blog.centos.org/2020/12/future-is-centos-stream/
If you are using CentOS Linux 8 in a production environment, and are concerned that CentOS Stream will not meet your needs, we encourage you to contact Red Hat about options.