“No kidding. I have datacenter network gear that stays up without a reboot for years. The only time it gets restarted is after applying a required security patch.
You wait years to put in security patches?
No, but in general, better gear only gets patches released at very long intervals, because they did a good job prior to shipment, and most of the found problems got patched early on.
IMO, any critical system that still requires frequent system patches after a few years wasn't ready for prime time when it was released. After a couple years of operation, patches should only reflect things like changes in protocols (like dropping TLS 1.0/1.1 and requiring TLS 1.2), or patching for a vuln in a supported application.