The Linux patch management challenge

Vulnerability management is a service, not software, and one well worth paying for.

My post yesterday (and your kind Talkbacks to it) points out a basic issue: the challenge of managing patches on Linux systems.

There are several good software systems out there, for both Linux and heterogeneous networks. But there are three steps involved in a sound process, and good software only solves the last problem, applying patches.

You also have to find vulnerabilities and fix them.

"Commercial" Linux vendors like Red Hat (discussed yesterday) and Novell earn their money by offering a complete service -- find it, fix it, help you patch it.

GPL folks are often on their own. But there is no need for this. Vulnerability management is a service, not software, and one well worth paying for.

Tenable, which manages the Nessus security scanner project, offers a GPL feed of vulnerability checks (Nessus plugins). But a scanner only finds the problems; if you have an installation of any scale, running vulnerability management on Nessus alone is going to be a full-time job, and as you scale further, you may find yourself building an expensive department.

Is this a problem?

Yes. But I think it's also an opportunity. Someone who automates the whole vulnerability management process, and who supports GPL software, is going to make a lot of money.

Or is someone already doing so?
