Drupal's Update module provides a mechanism to check for available updates to Drupal core and contributed modules, and optionally send emails to notify site admins of available updates. But leaving the update module enabled on live sites can lead to performance issues and I believe it's best practice to leave it disabled. So how do you take advantage of it to be notified of crucial security updates? Ansible!
Ansible is a configuration management and automation tool. It's mostly used for setting up and maintaining servers, but it can be used for many, many more tasks. So I've written an Ansible role, Drupal Update Check, which will go out to your servers, check for updates, and email you when updates are available. With the amount of sites I need to look after, it saves me an incredible amount of time in figuring out which sites need updates and which ones don't.
To use the role you need to configure the update module on your Drupal sites to send out emails when updates are available and then disable the update module. I set it up for security updates only since I run this role after receiving emails about available security updates from drupal.org. If you're not subscribed to that newsletter, do it! Just log into drupal.org and subscribe through your profile. When the emails start coming in, I run the role and am then notified which sites I manage have available updates. If you wanted to automate it you can run your playbook on cron every Wednesday after the security updates are announced.
The role is just a few drush commands which enable the update module, check for updates, and then run cron to send out the emails. It then deletes the update module's variables of when updates were last checked for, since by default it will only send out one email per day, or week. That way you can run the role over and over and still get the emails no matter when you last checked for updates.