Apple's problem is stubbornly adhering to their annual cadence of releasing a new version of software whereas the previous version was just mostly fixed up with duct tape that summer (as in WWDC announcement summer time). Catalina is lauded as a pretty bad release and now it's ARM prepping time so pack it up and move forward. For iOS they probably have a solid audience of testers to sort through; for Macs, I doubt developers even get a chance to catch all the bugs before the next release triggering a new wave of conflicts. It's all fine and dandy for a simple app but a pain in the butt for complicated programs.
I think Apple spread themselves too thin, don't have quite the actual talent they think they have, and work on a deadline where no one wants to be fired or blamed so everything is done as much as it can regardless of function or feasibility until it's cancelled or postponed. I don't know why they feel they need to release so often when Macs are generally neglected hardware-wise. I really think 18 months or even 24 months with a service pack in-between for crucial bugs/security would be so much better for the desktop platform. Microsoft seems to be going the same route with seasonal updates too.
I don't think that ("annual cadence of software") plays quite the role you think it does.
The tying to a specific timetable (September iPhones) is the real problem, IMHO. Allowing the release to shift three months or so, to really fix the last few serious issues, should be part of the release mentatlity.
The annual cadence, including releasing even though things feel unformed, is "necessary" if you want to move forward. It turns change into a constant low-level pain for everyone (devs, users, Apple) rather than turning it into something so large and terrifying that no-one wants to move forward in the slightest (mostly the MS and Linux experiences).
Someone who does not follow Apple closely (ie most people) has no idea how much Apple has been changing the OS guts of Darwin (including macOS) for the past four years or so. Obviously there's been a huge amount of security stuff, but look at the consequences of that
-- huge changes to permissions on macOS, changes to volume layout, volume sealing, notarization, moving drivers into user space, splitting more and more monolithic process (things like in-process video decode) into separate processes, creating a hypervisor, ...
macOS is diverging more and more from traditional UNIX to something that has both a very different security architecture, with all that implies, and a very different structure that's more appropriate for a many-core world. All of this is not easy! But it's the sort of thing that needs to be done if you want to keep improving, if you have a vision of a better future.
Now there are plenty of people who don't have such a vision; they believe that Windows or Linux as it exists today is basically close to perfect, enough so that all that's required is some tinkering at the margin, and that the disruptions caused by more extensive changes are not worth the hassle. (cf the US as the one country in the world that's not willing to go through a few years of pain for the eventual benefit of being metric like the rest of the world.)
They're welcome to believe that; they're the users of those systems. But Apple (and Apple's ecosystem) do not see the world that way; and comparing Apple (why this constant OS churn, why keep making big changes?) to other OS's where the changes are smaller misses the point that they are doing different things.
As for why it's more disruptive on Mac than on iOS, I don't think that's incompetence or even less concern and less testing. The Mac problem is fundamentally harder. Apple wants to get the Mac to essentially the same point as iOS devices with respect to RAS, but (in spite of the never-ending claims of the more paranoid elements, ie 80% or so..., of the internet) they don't want to give up Mac capabilities to get there.
So iOS/iPadOS can simply have a very limited set of hardware connectivity, with no concern for backward compatible hardware or software, and few expectations. While macOS has to graft RAS onto a system that has expected (and continues to expect) that they can plug in a huge variety of printers, hard drives, HID devices, screens, etc; along with a variety of third party drivers, and that will all work (and continue to work going forward to ARM). This means large disruptive changes like creating all the code on the Apple side to allow drivers to run in user space, then the changes on the developer side to move their drivers over.
Compare say Linux. As far as I can tell Linux has been talking about user space drivers for years and years. And they have a few toy drivers (things like case LEDs) that demonstrate the concept. But the work of doing this seriously, moving many, performance critical drivers, into user space as far as I know remains undone, still just talk.
The same is as true for security. Apple wants iOS levels of security for the mac. But the mac expectation has been that random third party code can do what it likes to the entire disk, not just its sandbox. Hence the phenomenon of ransomware...
Ideally what you'd like is that third party code can do what it likes to some small part of the file system that it's been given access to AND can modify the rest of user files WITH THE USER's EXPLICIT PERMISSION, but not otherwise. But that's a hard place to get to technically. Not just changes to the OS, but changes to developers ("be prepared that you ONLY write in your directory, and you use these APIs otherwise") and to users ("be prepared that it's OK when an app asks for this type of file permission in this context, but it's not OK in this other context"). Not easy. Messy.
But the end goal is that you'll still be able to run an app like, I don't know, maybe XCode, that has good reasons to be able to look at files anywhere in your home directory, but in any malware gets onto your mac it will NOT be able to encrypt every file in your home directory and demand ransomware.
Every time you complain about this Apple churn, think of that as the motivating example -- what's allowing ransomware to encrypt your entire home directory, and how would you stop it?
Saying "well don't allow ransomware onto my machine" is a childish answer. Duh, of course that's a different prong of security, also important, also being worked on; but we want defense in depth.
Are standard UNIX permissions going to protect you? Clearly not. How about Microsoft's richer set of permissions and extended attributes? I know a lot less about them, but I don't think so.