So, now we are getting down to specifics which is good. The official security team policy is that we support the current release and the prior one. If we want to add a release to that list, then we need to think of a way to fund it. The volunteer fire dept approach of security team cannot possibly accept more work as it currently stands. We already review patches and issue advisories for hundreds of contrib modules on top of drupal core. IMO, It is time to fund the position of "Security Team lead". That person can then focus on optimizing the volunteers and can then decide if supporting another version is feasible. If anyone wants to fund this position, or donate their employees' time toward this, then please talk to the Drupal Association. We dont' really need more volunteers on the team IMO- coordination costs start to overwhelm the benefits.
It's been mentioned a couple of times on irc, so I can't take credit for the idea, but would it be worth discussing an extension of support for older core versions? To play devils advocate this would mean maintaining 5.x until 8.x is released (or 6.x until 9.x etc.), even if only for security. Obviously contrib support for older (and newer) versions of core remains entirely optional per maintainer/project.