60-120 days? Your equipment will all be fully compromised by then. I can understand not updating for feature/bug fix updates, but for security updates, you should be patching as soon as possible.
Did you actually read my entire post? What did I say about breaking this rule?
Also, there's a huge, HUGE, difference between critical well-vetted security updates and a whole host of other updates that have no material value and can potentially cost you a bundle.
I'll give you an even more extreme example: Some of our engineering workstations are still running Vista. Why? Because upgrading to 7 or 8 offers nothing of value and will trigger a few weeks of upgrading major applications and software dependencies. We will finally be forced to make the update this year because Solidwork, Solidworks FEA Simulation, the associated CAM and other software require 7 as a minimum. We are far more likely to build new machines from scratch than to upgrade the existing machines. Part of the reasoning is backup during the transition.
Also, there's a huge, HUGE, difference between critical well-vetted security updates and a whole host of other updates that have no material value and can potentially cost you a bundle.
I'll give you an even more extreme example: Some of our engineering workstations are still running Vista. Why? Because upgrading to 7 or 8 offers nothing of value and will trigger a few weeks of upgrading major applications and software dependencies. We will finally be forced to make the update this year because Solidwork, Solidworks FEA Simulation, the associated CAM and other software require 7 as a minimum. We are far more likely to build new machines from scratch than to upgrade the existing machines. Part of the reasoning is backup during the transition.