Skip to main content

What Is Patch Aware, and Why Should You Care?

I wrote this for TuxCare to define a term that sits at the heart of the whole Radar story: patch-aware scanning. It starts with the audit scenario everyone in ops knows, where a scanner flags a glibc CVE you already patched live, and you spend hours justifying the discrepancy line by line.

Originally published on TuxCare Read the full article →

A few things I wanted people to walk away with:

  • Most scanners only read version numbers. They match installed packages to a CVE feed and stop there, which misses rebootless patches, backports, and manual fixes your team already applied.
  • Patch-aware means reading the live state. A patch-aware scanner checks what’s actually been resolved, whether through updates, KernelCare, or ELS, and focuses on the kernel that’s running now.
  • It pays off most at audit time. Radar produces audit-ready reports that reflect your real patch status, so you can prove what’s fixed instead of doing detective work.

Patch-aware scanning isn’t a nice-to-have; it’s how a scanner keeps up with the way Linux systems are actually maintained.