ICE OS uses an embedded Linux kernel, and so encounters fewer vulnerabilities in comparison to server/desktop operating systems. As part of its security strategy, ICE OS is read-only and immutable, so it cannot be patched in the same way as operating systems like Red Hat or Windows. Each new ICE product release includes a new ICE OS version.

Instant Connect requires customers to be on the latest General Availability (GA) product release in order to receive security vulnerability support. If a vulnerability is discovered, Instant Connect will issue an updated ICE OS version for the latest GA only, and not for older product releases. To ensure you receive security updates for your ICE deployment, ensure your ICE components are running the current GA release version.