Security, Integrity and Quality of SVM Patches
At Flexera, we prioritize three aspects of the patches provided in Software Vulnerability Manager (SVM): Security, Integrity, and Quality. Whether the patch comes from our Flexera Software Patch System (SPS) or the Vendor Patch Module, our commitment remains the same.
The patches in SVM are always obtained from the official vendor or, in special cases, from a site that the vendor has specified as an official trusted location for their installer. This applies to both commercial and open-source products. The installer files are never obtained from any third-party source. Once acquired, each file is scanned for viruses with a multitude of high-profile scan engines. Putting the file through multiple scan engines helps us eliminate false positives and ensure accurate and consistent results.
After the security test is passed, the files are stored on Flexera’s download server. A hash for each file is calculated and stored in our database. After SVM downloads the patch installer file to the host machine for installation, the hash is calculated again and verified against the hash stored in our database to ensure the file has not been tampered with in transit and that its integrity is maintained. For SPS packages, we go even further by code signing the package.
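The record-then-verify flow described above, as an added example that is not Flexera's code: the SHA-256 algorithm, the in-memory dictionary standing in for the hash database, and the file names are all assumptions, and the installer bytes are constructed sample data.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path):
    """Return the SHA-256 hex digest of a file (algorithm is an assumption)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # stream in 1 MiB blocks
            h.update(block)
    return h.hexdigest()


def record_hash(path, database):
    """Server side: store the digest of a scanned installer, keyed by file name."""
    database[os.path.basename(path)] = file_digest(path)


def verify_download(path, database):
    """Host side: return (ok, reason). Install only when ok is True."""
    expected = database.get(os.path.basename(path))
    if expected is None:
        return False, "no stored hash"      # fail closed on unknown files
    if not hmac.compare_digest(file_digest(path), expected):
        return False, "hash mismatch"
    return True, "ok"


def demo():
    """Constructed sample: record a stand-in installer, then check altered copies."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-installer.exe")
        with open(path, "wb") as f:
            f.write(b"MZ" + b"constructed sample payload " * 1000)
        db = {}
        record_hash(path, db)
        results["clean"] = verify_download(path, db)
        with open(path, "r+b") as f:        # change one byte, length unchanged
            f.seek(100)
            f.write(b"\x00")
        results["modified"] = verify_download(path, db)
        with open(path, "r+b") as f:        # simulate an interrupted transfer
            f.truncate(512)
        results["truncated"] = verify_download(path, db)
        results["unknown"] = verify_download(os.path.join(d, "other.exe"), db)
    return results
```

The check is only as strong as the path by which the stored hash reaches the host: if the hash travels alongside the file over the same channel, whoever can alter one can alter the other.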
A lot of time is invested in researching the silent command line parameters for each patch. All the silent command lines go through an internal QA cycle to ensure the installation performs as expected. Each patch is installed with its researched silent command line parameters to verify a successful, silent installation. For SPS packages, the silent command line parameters are wrapped within the installer file; for the Vendor Patch Module, they are provided external to the installer file. For SPS packages, additional proactive testing is done by deploying the packages in a live environment on various versions of Windows to ensure the package behaves as expected.
There is always some level of risk involved in deploying patches, so it is important to test and ensure expected behavior in your unique environment. However, you can rest assured that Flexera has employed a robust process so that any patch from SVM has undergone strict scrutiny in terms of security, integrity, and quality, helping you deploy the patches with full confidence.