My reasoning is,
Even free software should have security updates available.
Yes I can manually surf to the site, create another account, download the software, place it in my repository, unpack,and then update the Linux nodes. And yes I can do this 3x a year and perhaps within 10 minutes.
The problem is that you rely on a human factor to update your software.
With your suggestion a security update is delayed by maximum of four months. But in reality many customers will not update manually routinely. This is the responsibility part.
It might happen that a security issue in your software is left unattended, on a large scale.
This is the part I cannot understand for a security company.
It is a matter of principle to me: the software owner should provide access to automatic updates.
In my case I am setting up a weekly automatic update and vulnerability scan for the Linux machines and the centrifydc software I find on a few servers creates a risk, because I cannot maintain it in an automated way.
Have a nice weekend,
Merijn
Even free software should have security updates available.
Yes I can manually surf to the site, create another account, download the software, place it in my repository, unpack,and then update the Linux nodes. And yes I can do this 3x a year and perhaps within 10 minutes.
The problem is that you rely on a human factor to update your software.
With your suggestion a security update is delayed by maximum of four months. But in reality many customers will not update manually routinely. This is the responsibility part.
It might happen that a security issue in your software is left unattended, on a large scale.
This is the part I cannot understand for a security company.
It is a matter of principle to me: the software owner should provide access to automatic updates.
In my case I am setting up a weekly automatic update and vulnerability scan for the Linux machines and the centrifydc software I find on a few servers creates a risk, because I cannot maintain it in an automated way.
Have a nice weekend,
Merijn