Apple used to release a security update for revision N-1 and N-2 every time the current release got a point upgrade. However, 10.12.0 and 10.13.0 were both released on their own. Only when 10.12.1 and 10.13.1 were released did older systems get patched.
So every time a new macOS release comes out, everyone has the choice between running a .0 release, or running an insecure OS for about a month.
So every time a new macOS release comes out, everyone has the choice between running a .0 release, or running an insecure OS for about a month.