Free security patches - but what does free mean?

Some of you may have noticed a bit of a change on "sunsolve":http://sunsolve.sun.com lately. About a week ago Sun rolled out the newest changes to our main service and support delivery page. Two of the biggest changes from a user experience point have view may have been in the way we provide patches.

In order to get patches for Solaris 10, you need to do 2 things. You must first register and create an account (free) and us must use the Sun Update Manager (also free) to get your patches. The Update Manager makes it easier to manage patches, and includes a command line interface for people who prefer patchadd. Most patches will now require a service contract of some sort. If you‘re giving away the OS, the way you make money is charging for the extra value of service and support (how else would Linux companies be worth anything financially?)

Over the last 6 months or so, I was occasionally in meetings where folks were talking about the new patch delivery mechanisms and entitlement. I got to sound like quite a broken record as I repeated “Security patches must always be free”. The good news is security patches were still free, the bad news is, to some people requiring registration and using the update manager counted as not free.

A number of customer let us know in a hurry that they didn‘t agree with this definition (and frankly, neither do I). In the security world, a free patch is entirely free. Free of charge, free of registration, free of overhead, free of our tools. I‘m happy to report that I was able to make this case and security patches are once again available via HTTP or FTP from sunsolve (just find the patch readme and click the link).

I believe Solaris is one of the most secure Operating Systems on the planet, but even we have security bugs. Everybody, whether a customer or not, is better off when people keep their systems up to date with security patches. Anything we can do to make security patches easy to get and install (you can still install them with the Update Manager if you choose) is a good thing.

Some of our competitors seem to get this, and some don‘t.

Posted at 04:26PM Aug 09, 2005 by drscholl in General  |  Comments[1]