Mark Shavlik, CEO of Shavlik Technologies kindly linked to my thesis. He then went one step further and answered some of the claims I made in my thesis about a paper they released entitled Security Patch Management: Breaking New Ground. I have previously, in my darker thesis-writing days, written some not-very-nice comments about that paper in an entry entitled Shavlik and the mound of FUD.

Mark had his head screwed on right in the first place when he called the debate a "red herring", and his response shows it. Ironically, it seems it was an attempt to counter FUD from agent-only distributors. It's just a pity common sense has marketing departments to contend with.

After work such as Do Enterprise Management Systems Dream Of Electric Sheep?, and the 'everything-as-an-agent' syndrome security products seem to be going through, I think there is stronger ground to advocate against an agent-only based solution, coupled with the obvious need to be able to push patches to machines which haven't gone through a gating process.

Thanks for the response Mark. CEO blogging++