The Linux patch management challenge

Summary: Vulnerability management is a service, not software, and one well worth paying for.

My post yesterday (and your kind Talkbacks to it) points out a basic issue: the challenge of managing patches on Linux systems.

There are several good software systems out there, for both Linux and heterogeneous networks. But there are three steps involved in a sound process, and good software only solves the last problem, implementing patches.

You also have to find vulnerabilities and fix them.

"Commercial" Linux vendors like Red Hat (discussed yesterday) and Novell earn their money by offering a complete service -- find it, fix it, help you patch it.

GPL folks are often on their own. But there is no need for this. Vulnerability management is a service, not software, and one well worth paying for.

Tenable, which manages the Nessus security scanner project, offers a GPL feed of patches. But if you have an installation of any scale, patch management using Nessus is going to be a full-time job, and as you scale further, you may find yourself building an expensive department.

Is this a problem?

Yes. But I think it's also an opportunity. Someone who automates the whole vulnerability management process, and who supports GPL software, is going to make a lot of money.

Or is someone already doing so?

Topics: Open Source

About

Dana Blankenhorn has been a business journalist since 1978, and has covered technology since 1982. He launched the Interactive Age Daily, the first daily coverage of the Internet to launch with a magazine, in September 1994.
