~Providing security packages for at least 4 years from the end of community maintenance to support continued use of CentOS~
SB Technology Corp.
SB Technology Corp. (Headquarters: Shinjuku-ku, Tokyo, President & CEO: Shinichi Ata, hereinafter referred to as SBT) provides security measures for organizations using CentOS Linux (hereinafter referred to as CentOS) 6, 7, and 8 in Japan. From January 25, 2024, we will start offering a modification package called ``CentOS Extension Package'' on our own e-commerce site ``NOZ SHOP.''
This service allows you to use the CentOS security package provided by Cybertrust Japan subsidiary of SBT that develops Linux OS, for a contract period that suits your needs, starting from a minimum of three months. We will provide security packages for 4 years from the end date of CentOS 6 and 8, for which community maintenance has already ended, and CentOS 7, which will end soon.
The security patches provided within this service are developed by CloudLinux, Inc. *1. We provide patches for CVSS v3 *2 vulnerabilities with a severity level of "Important" or higher *3 and vulnerabilities that are less than "Important" but are judged to require countermeasures. Also included in the list of vulnerabilities that have been confirmed to have been exploited (KEV Catalog) published by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS). If there is a patch that has not yet been developed, SBT will make a separate development request. This allows users to continue using CentOS with peace of mind while the security package is being provided, even after community maintenance has ended.
In addition, for CentOS 7, whose maintenance will end on June 30, 2024, those who purchase the "CentOS 7 Extension Package 12 Month Edition" from today to March 31, 2024 will receive an early purchase benefit on a first-come, first-served basis. A 10% off coupon is available for only 1,000 contracts.
For details on early purchase benefits, please check the information in "CentOS 7 Extension Package 12 Month Version".
■Background
CentOS is a free Linux distribution that is based on Red Hat Enterprise Linux (RHEL), a paid Linux distribution provided by Red Hat, and was developed from the RHEL source code with the aim of being fully compatible. It has been confirmed that in domestic organizations, it has been widely used in web servers etc. since the 2000s.
In December 2020, Red Hat and the CentOS Project announced that community-based maintenance for CentOS 8, which was scheduled to end on May 31, 2029, will end on December 31, 2021, and that CentOS 7 will be completed as scheduled in June 2024. We have announced that maintenance will end on the 30th of May. Since no direct successor OS to CentOS will be released, users are forced to migrate.
After maintenance by the community is completed, security fix packages will not be provided even if critical vulnerabilities are discovered, leaving the system vulnerable to cyberattacks. However, even if maintenance has already been completed for an OS such as CentOS 6 or 8, there are many voices that wish to continue using it for reasons such as the difficulty of immediately migrating to another OS.
For example, according to the results compiled by SBT based on information published by CloudLinux, there were 687 vulnerabilities discovered in CentOS 8 *4 from the end of maintenance to the end of 2023, of which the severity level was ``important''. ” (CVSS 7.0) or higher.There were 182 cases. If you have no choice but to continue using the service, you will be required to take measures to prevent vulnerabilities that will be discovered after the maintenance is complete.
Up until now, SBT has been working with Cybertrust Japan to provide support for security measures for CentOS after maintenance for enterprise companies. We have now started offering this service on our own e-commerce site so that it can be easily used not only by major companies but also by small and medium-sized customers.
■Service overview
This service provides security packages for four years from the end date of CentOS 6 and 8, for which community maintenance has already ended, and CentOS 7, which will end soon. Security packages are obtained by connecting from the customer system to the repository server managed by SBT.
Everything from purchasing on the e-commerce site to starting use can be completed online, and you can start using it in as little as 15 minutes. Additionally, contracts are available starting from one unit, and contracts can be made for as little as three months to suit customer needs.
・Extension package offer period
・Price (tax included)
Contract period | CentOS 6 extension package | CentOS 7 extension package | CentOS 8 extension package |
---|---|---|---|
3 months | 19,800 yen | 19,800 yen | 19,800 yen |
6 months | 39,600 yen | 39,600 yen | 39,600 yen |
12 months | ― | 79,200 yen | 79,200 yen |
For more information on the "CentOS Extension Package", please see here.
https://noz-shop.jp/sc/co_lp.html
■Future outlook
In the future, we plan to provide a re-extension package for CentOS 6 for two years from December 1, 2024 to November 30, 2026. We also plan to provide extension packages for 16.04 LTS and 18.04 LTS of Ubuntu, one of the Linux distributions, by the end of this year.
SBT is working to expand its services so that customers can continue to safely use Linux such as CentOS.
severity | Score |
emergency | 9.0~10.0 |
important | 7.0~8.9 |
caveat | 4.0~6.9 |
Note | 0.1~3.9 |
none | 0 |
Contact information regarding this press release
● SB Technology Corp. Public Relations Department
E-mail: sbt-press@tech.softbank.co.jp