parsec_patches

Differences

This shows you the differences between two versions of the page.

parsec_patches [2018/11/28 15:29] sgriggsparsec_patches [2019/07/11 04:50] sgriggs
Line 69: Line 69:
 Firmware is definitely not something that PARSEC can be in the business of Firmware is definitely not something that PARSEC can be in the business of
 patching.  Where possible and completely legal, we can package any firmware patching.  Where possible and completely legal, we can package any firmware
-updates that come from the OEM.  They can be embedded in the same package +updates that come from the hardware OEM which are documented to be legally allowed for distribution.  They can be embedded in the same package format we use (EPM - Enterprise Package Manager).  This is the same thing 
-format we use (EPM - Enterprise Package Manager).  This is the same thing +the big vendors do.  They just *stop* doing it after the OS becomes end-of-support or end-of-life (EOS & EOL)
-the big vendors do.  They just *stop* doing it after the OS becomes + 
-end-of-support or end-of-life (EOS & EOL).+Also keep in mind that vendors tend to stop upgrading firmware after 1-3 years from the release date. This is because they generally feel pretty confident and stable about the code as their bug reports slow down and die off. By the time you'd want to sign a contract with PARSEC, you'd probably be well out of this period. So, to be fair and compare apples to apples, the OEM vendor isn't going to give you firmware updates beyond a certain point either, even despite having the legal means to do so
  
 === What is a Kernel Patch? === === What is a Kernel Patch? ===
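Review bot: The added paragraph states that vendors "tend to stop upgrading firmware after 1-3 years from the release date" and gives a reason ("they generally feel pretty confident and stable about the code") without any source, so a customer weighing firmware risk has no way to check it. Either cite an OEM support policy or mark the figure as PARSEC's own observation. In the reworded sentence above it, "firmware updates that come from the hardware OEM which are documented to be legally allowed" is ambiguous about what is documented; "updates ... that the OEM documents as legally redistributable" reads more clearly. "even despite" can be shortened to "despite".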
Line 195: Line 195:
 using your AIX 5.3 system indefinitely and still be 100% above board for using your AIX 5.3 system indefinitely and still be 100% above board for
 your regulatory compliance and patching. your regulatory compliance and patching.
- 
-=== Patch Schedules === 
- 
-Patches are released only for paying customers within two weeks after the 
-start of each new quarter. This allows for all issues found within the 
-quarter to be part of a patch rollup. The rollups are batches of patches 
-that catches you up to a secured place.  
  
 In the event of a remote root exploit or a remotely exploitable issue in In the event of a remote root exploit or a remotely exploitable issue in
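Review bot: Removing the "Patch Schedules" section drops the only visible statement of release cadence (quarterly rollups, "within two weeks after the start of each new quarter"), yet the paragraph that follows still opens with "In the event of a remote root exploit or a remotely exploitable issue", which reads as an exception to a schedule the page no longer describes. Either keep a one-line statement of the normal cadence or reword the following paragraph so it stands on its own. For a compliance-oriented page, the expected patch turnaround is something readers will look for.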
Line 240: Line 233:
 is done actually quite simply in EPM. There is a directory called is done actually quite simply in EPM. There is a directory called
 /etc/software which contains a removal script for every installed package. /etc/software which contains a removal script for every installed package.
 +
 +If a customer specifically requests a patch be in native format, we can easily create that, also. 
  
 == Patching and Regulatory Compliance == == Patching and Regulatory Compliance ==
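Review bot: The added sentence offers patches "in native format" directly after the text explaining that removal works through the per-package scripts in /etc/software, but it does not say what "native format" means or how such a patch is backed out. Name the format or formats meant, and state whether a native-format patch still gets a removal script or is rolled back with the platform's own tooling, since rollback is the point of the surrounding paragraph. The trailing ", also" can be dropped.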
Line 249: Line 244:
 and complex.  Lawyers seem to be able to generate much more difficult code and complex.  Lawyers seem to be able to generate much more difficult code
 to parse than programmers. to parse than programmers.
 +
 +However, in most cases one simply needs to have a plan for patching and technology updates. If your plan is to [[version lock|version_locking_legacy_environments]], then 
  
 === How Do I Know What I'm Required to Patch? === === How Do I Know What I'm Required to Patch? ===
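Review bot: The added sentence ends at "then" with no conclusion ("If your plan is to [[version lock|version_locking_legacy_environments]], then"), so the paragraph stops mid-thought right before the next heading. Finish the clause or cut it back to the preceding sentence. The link also looks reversed: DokuWiki internal links take the form [[pagename|link text]], so as written the target is "version lock" and the displayed text is "version_locking_legacy_environments"; swapping the two parts gives the intended link.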
Line 603: Line 600:
 cycles and less hassle. cycles and less hassle.
  
-The pricing for our PARSEC Patch program is typically a 10% uplift to your 
-support cost.  This helps us justify putting in the time to track the 
-vulnerabilities and develop the patches, workarounds, and upgrades that will 
-make your money well spent. 
  
  
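Review bot: The deleted paragraph ("typically a 10% uplift to your support cost") was the only pricing statement in the visible context, and nothing replaces it, so the section now ends at "cycles and less hassle." followed by stray blank lines. If pricing was removed on purpose, add a short pointer to where customers should ask about cost, and trim the leftover blank lines at the end of the page.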
parsec_patches.txt · Last modified: 2019/07/11 04:58 by sgriggs
