what assurances are in place or can be made (Score 1)

We NEED to be able to address the trustworthyness our computing platform and platform updates. Any automatic update process has the potential to be abused. If a hacker or spy-agency can gain control of an update process then all sorts of security issues arise. This is true for any software that pushes updates not just Microsoft. We have many clients who have every legitimate reason to need secure and reliable computing platform, some are law enforcement, legal, medical, mental health care agencies and ordinary people. Historically a reasonable option for a trustworthy platform has been offered by microsoft software along with a healthy dose of best practices configuration. Most problems occur when the best practices are ignored. What can we tell clients about the trustworthyness of the update process? Namely what assurances are in place that prevent the application of some federal order telling Microsoft or redhat or some other vendor to distribute an update that exposes client information without the knowledge of the systems administrator(s)? We need to address this concern somehow. Thank you, Matthew Joy Bright Solutions Inc.