We don't because we don't use CSM, but otherwise probably would. Ever since the engine updates were removed from the sig updates, they've been solid.
However, we use our own internal SSH server for updates and point the sensors at it. We review the new signatures/changes with each release and make a determination as to whether to apply to production. If so, we put the new release in a directory on an SSH server and the updates get applied within the hour.