... some it guy has to do a
yum update -yevery few months. And they were fine. Even heartbleed didn't affect them.
To fix it on RHEL all you had to do was
yum update -y.
On FreeBSD all you had to do was
pkg update && pkg upgrade and type the letter 'y'when it asked for confirmation to proceed.
I want to be able to put the pkg update && pkg upgrade into a cron job (and also the freebsd-update related commands for the core OS). Some people say that is crazy/scary/too risky. They have legitimate arguments based on their risk apatite. Some of us believe we have sufficient mitigating controls in-place to bring the risk within acceptable levels for our particular risk apatite.