Security patch policy
Does anyone know of a public document that explains HPE's or MF's official policy on the release of security patches for supported Connector and Logger appliances?
We've had a security scan done on appliances that have the September 2017 security patch installed, over 70 CVEs have been identified, and our security department is asking me to document what is the official commitment of the vendor on this.
I've opened a call, insisting that what I'm looking for is a long term general commitment, such as upgrading RHEL over time, rather than a ton of security patches outright (which I think is reasonable, as there are many issues).
To be polite, Tier-1 support has been giving me the runaround for weeks and I'm starting to lose patience. Considering these appliances are a security product, I was expecting to be taken seriously.