- Flexera Community
- Software Vulnerability Management
- Software Vulnerability Management Blog
- How Many Patches Does Flexera Have?
How Many Patches Does Flexera Have?
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Printer Friendly Page
- Report Inappropriate Content
A lot (that’s the easy answer). More than anyone else (also an easy answer). But if you are looking for a number, it gets a tad complicated. In this article, I’ll go into the ways you can count them so you can appreciate what you truly get in terms of coverage when considering the SVM Vendor Patch Module.
The below article explains the ways one can go about counting the patches available in different ways; those numbers are a point in time. For the latest list, a dynamic count, and the ability to export the list and coverage details, visit our Vendor Patch Module page.
First, when speaking to patches, we can all agree that the goal is to provide out-of-the-box patches that require no additional effort. We’ve got “over 1500,” which at the time I write this translates to 1,614 and growing. But how many products does that address is a more valuable question. Those 1,614 patches apply to 629 unique products. That is probably the most conservative way to look at the list, while at the other end of the spectrum, we can say (just as factually) that we provide valuable details on over 3,649 vendor software installers.
That is where the SVM Vendor Patch Module goes further by not limiting coverage to just those setups where we can provide everything necessary for an out-of-the-box patch. We’ve got an additional 2,035 installers covered where something may be missing that prevented us from offering an out-of-the-box patch. It could mean we are missing the setup file, the detection logic, or a silent command line for a myriad of reasons:
It could mean the setup file itself is not publicly available. In some cases, vendors do not make their installers available for download without logging in as a paying customer. In such cases, a traditional patch catalog would omit the information and disqualify it as eligible for inclusion.
It could mean we don’t have sufficient detection logic. In some cases, we may not have a reliable file on which to base applicability rules as required by a WSUS patch. The download and silent command-line information are still very clearly of high value, and so in these cases, we still provide them. Further, if the application is one that SVM can detect, we can leverage assessment data to dynamically offer applicability criteria unique to your environment.
It could mean we don’t have a silent command line. Vendors don’t always provide support for (and sometimes go out of their way to discourage) the silent installation of their applications. In such cases, the awareness that the update exists, the ability to easily obtain it, and how to detect when it is installed are still valuable, so we provide this information. However, it may be necessary to repackage such a product with AdminStudio in order to achieve a silent, customized deployment that is suitable for updating or patching it.
There are a couple of situations where products may be temporarily removed from our patch data. If virus and adware scanning were to fail for a vendor setup, we would not make it available. We are scanning with dozens of different scanners, so there may be an occasional false positive that causes us to omit a product while we investigate. There may also be situations where we have all the data necessary to build a patch, but it has failed to pass our internal testing process for some reason and requires more attention. For example, it may not have run silently as expected, or it may have a dependency not present on our test machines.
Flexera has taken a unique approach to providing an unprecedented volume of patch details by not omitting third-party software titles that do not satisfy all the criteria for an out-of-the-box patch. That is how, on top of over fifteen hundred out-of-the-box patches, we take it further to offer help with over fifteen hundred more. To be precise, 1,614 complete patches and details on 2,035 more. In total (complete and incomplete coverage), the patch data here applies to 1,208 software products across 581 software vendors.
Now that we’ve established what we have, let’s talk about ways to count it.
One title can have a lot of patches. For example, Firefox has dozens of languages and variants for which we offer patches, which essentially patches “Firefox.” Therefore, the number of patches applies to a much smaller number of products.
Some vendors provide a different setup for 32- and 64-bit architectures. And some provide distinct setups both based on language and architecture. For example, Autodesk Inventor has over 50 different setups for this reason.
We also have over 250 Mac patches (267 at this moment). For Mac, the value is all in the awareness of what has been released and the ability to easily obtain it, as the challenge of determining silent command line parameters is not applicable to Mac systems. While SVM provides research and assessment for Mac patches, when it comes to patching, the patches are provided, but cannot be pushed the way they can for Windows systems. However, we have begun to introduce support for patching Mac systems (starting with Intune), so the value of these patches is increasing. Of course, you can always download these patches and distribute using whatever mechanism you have in place for manual Mac management. As a side note, it is possible to publish packages directly to Jamf Pro (formerly Casper) for deployment using AdminStudio.
The number of patches and details provided is impressive, but it is not the most important thing. What is likely of more significance is identifying just what applications we cover that you really care about. We’ve focused on enterprise applications to maximize value, and are not just creating patches for everything under the sun to impress you with big numbers. To provide that insight, we’ve set up a place where those interested in the SVM Vendor Patch Module may verify specific application coverage. Those entries marked with an asterisk are the ones that have an out-of-the-box patch; the others are those I’ve described above as somehow incomplete.
In SVM, you can view the full list of patches (but cannot build/publish them until licensed). They work the same way as SVM handles other patches, so the learning curve is almost nonexistent. For a firsthand look, see the demo in our recorded webinar presentation or watch this very short video below, which offers a much briefer version of the same.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.