You really don’t understand how many millions of hours of human effort force updates have destroyed.
Yes, there should always be, ESPECIALLY IN CORPORATE ENVIRONMENTS, a point where the client can vet and approve the update.
This recent Crowdstrike problem is proof of it. You LITERALLY witnessed proof as 1/4 of the world basically shut down for the day. This would have been avoided in many cases if the update was vetted by the local IT teams.