My unlocked Note 8 is on the January patch and it's only about a week behind the carrier versions. It really isn't that bad of a wait. In fact, I got December before the carriers too since they were upgrading their phones to November (at least Verizon was) so it isn't as bad as you're making it seem.
Edit: directed to post above mine.
Everyone has their standards of how long they think is reasonable to wait for security updates. Since the evolution of Android threats from spam or unauthorized apks to Blueborne, KRACK, and now Spectre, my standard is that Google is already releasing the fixes a bit later that I'm happy with, and waiting an entire month for Samsung to release the fix is not acceptable to me, and that's why I'm unfortunately on the Pixel XL2 instead of the Note. I miss a lot about the Note, but I'm in cyber-security, and now that we've entered this new era of vulnerabilities being (for the most part) purposely exposed by either serious, or fly by night security companies who want to make a name for themselves, I have to be a lot more careful than I was in the past.
Also, I do agree, that Google (and Apple) ships security updates without enough regression testing, frequently breaking basic functionality like Bluetooth, and Samsung perhaps takes longer because they're ensuring that nothing is broken. That's probably the right thing for them to do for the great majority of their clients. It just isn't for me.
Facebook
Twitter
Instagram