There are three important aspects we make a priority at Flexera when it comes to the patches provided in Software Vulnerability Manager (SVM) and package data provided in the AdminStudio Package Feed Module (PFM) – Security, Integrity, and Quality. No matter how you leverage Flexera's content, our commitment remains the same.  

• Security 

Vendor setups are always obtained from the official vendor or, in a special case, a site that the vendor has specified as an official trusted location for their installer. This applies to both commercial and open-source products. The installer files are never obtained from any third-party source. Once acquired, the file is scanned for viruses against a multitude of high-profile scan engines. Running the file through multiple scan engines helps us eliminate false positives and ensure accurate and consistent results.  

• Integrity 

After the security test is passed, the files are stored on Flexera’s download server. A hash for each file is calculated and stored in our database. After SVM downloads the patch installer file on the host machine for installation, the hash is calculated again and verified against the hash stored in our database to ensure the file has not been tampered with during transit and the integrity of the file is maintained. For SPS packages, we go even further by code-signing the package. 

• Quality 

A lot of time is invested in researching the silent command line parameters for each patch. All the silent command lines go through an internal QA cycle to ensure the installation performs as expected. Each is installed with researched silent command line parameters to verify a successful, silent installation.

For SPS Packages, the silent command line parameters are wrapped within the installer file; however, for Vendor Patch Module, the silent command line parameters are provided external to the installer file. For SPS packages, additional proactive testing is done by deploying the packages in the live environment on various versions of Windows to ensure the package behavior is as expected.  

There is always some level of risk involved in deploying patches, so it is important to test and ensure expected behavior in your unique environment. However, you can rest assured that Flexera has employed a robust process to ensure confidence that any patch from Flexera has undergone strict scrutiny in terms of security, integrity, and quality to help you deploy the patches with full confidence. 

For information on catalog  content, how many installers we support, and how to request additions, please see the following:

Vendor Patch Module

• VPM Catalog
• VPM Catalog Counts
• VPM Catalog Requests

Package Feed Module

• PFM Catalog
• PFM Catalog Counts
• PFM Catalog Requests