In the wake of Heartbleed, Shellshock and other security and data privacy fiascos, Red Hat (RHT) is emphasizing the value of its subscription software support for open source platforms, including Red Hat Enterprise Linux (RHEL).

The source code for RHEL, Red Hat's flagship product, is freely available for anyone to download. In fact, it's so freely available that a competing Linux distribution, CentOS, is basically just the RHEL code, compiled and packaged by a third party. Red Hat doesn't mind.

That, of course, is because Red Hat focuses on selling software support via subscriptions, rather than the software itself. Traditionally, the pitch for enterprises to buy support centered on keeping software up to date to avoid bugs of various kinds that could have a number of negative effects, of which security holes were only one. Subscriptions also provide help in case something goes wrong, offering an alternative to the do-it-yourself approach that is the default for solving problems in the open source world.

Keeping up to date is still a key part of Red Hat's value proposition. But in a recent blog post, the company's vice president of Customer Engagement and Experience, Marco Bill-Peter, homed in on the security dimension of subscription-based software support as a leading reason to become a paying Red Hat customer—especially following the litany of major security scares that occurred in the last year, from Heartbleed to Shellshock.

Click here for Talkin' Cloud's Top 100 CSP list

Of course, since software subscriptions can't protect enterprises from vulnerabilities that aren't yet publicly known, paying a vendor for open source support would not actually have completely protected anyone from, say, Heartbleed. But they would have ensured the delivery of a fix as fast as possible, as well as "timely advice, industry-leading security expertise, access to technical information and support, proactive notifications, Customer Portal alerts and articles and a Red Hat Access Labs self-detection tool" to help cope with the issue, according to Bill-Peter.

The lesson for the channel is that, as security threats (along with data privacy compliance) become more serious than ever, open source software vendors have a growing opportunity for pitching the value of software support services. It's no longer only about having someone to call when Apache crashes and won't restart.