There is no official way to update against security holes via an automated program, The easiest system is the binary update system called freebsd-update for binary updates.
But I am someone whos stuck in the source update groove, So I have created my own update 'hack'
This script comes one step closer for those who seek high control over their server for updates, its called quickpatch , source based updater for FreeBSD
http://www.roq.com/projects/quickpatch/
The idea is you follow a FreeBSD release security branch via CVSUP for example
*default release=cvs tag=RELENG_4_9
Then run the quickpatch perl script, it will create a small patcher script that you can quickly run with little fuss. This will allow you to update your FreeBSD box for security updates via source.
Requirements, Perl, wget (/usr/ports/ftp/wget) and a internet connection.
To use type "./quickpatch.pl" to download advisories then "./quickpatch.pl patch" or "./quickpatch.pl patch > big_patch_file"
Also you can PGP check your advisories for maximum security by running "./quickpatch.pl pgpcheck".