>Notice that we are testing both successful deployment, and successful functioning of the patch.
Not sure how relevant you feel this is but the sign-off from the actual service owner that their service is still performing well after the VM team finished patching could be another variable. To bring up an example; the patching team will verify that the patch was deployed ok and the vulnerability/issue was fixed, but the team responsible for e.g. the sendmail service, corporate website, etc will still have to confirm they are satisfied with the functionality of their service. This obviously requires additional time/work.
P.S. can you link the bigger versions of the images again? The recent blog posts only seem to have the small/hard to read version embedded.
