I don't think patch cycles are tenable.
Sit on it for four months so that enterprises get them all in one go and sit on them another few months while "testing"? It leaves everybody who isn't slow as a dinosaur out in the cold. Oh, and it does open those enterprises up to targeted attacks they don't even know existed (because the vendor is sitting on the security notes as well, for their convenience), too. Because, let's face it, if you go out on the black market to buy exploits, you have a target in mind. Like, oh, oil companies or something.
The point is that one-size-fits-all patch releasing in fact doesn't fit all but does come back to bite everyone. Time for a re-think then.
Personally I'd want to have a server that I can trust sitting somewhere, that fetches all the patches and updates for all the operating systems and applications I have deployed, along with (readable, actually containing useful descriptions of what the patches do, looking at you here, Redmond) release notes for each patch. And no, that server won't be running any commercial OS, thank you, but open source of my choosing. And then I want to be able to selectively push the patches out to the test bank first, then to group this, group that, and so on, with the ability to partially or fully roll back at the first sign of trouble.
This obviously doesn't fit Joe Average User, who cannot be trusted to update --for a variety of reasons, and not all of them are poor Joe's fault, not by a long shot-- so various bits of software just phone home and update without permission or much notification at all. But quite a lot of pointless nagging to make up for it.
Why do so many parties insist on reinventing the wheel? What about an open standard for distributing patches, that supports both models above, and more to boot? Independent of OS, so you can pick any server OS to run your patches server for any other OS? How hard can it be? All it requires is that various vendors get their heads out of their arses and... oh right, n'mind then. Carry on.