Open source software vendors do something akin to selling air: They get people to pay for something that easily, and perfectly legally, can be had for free. But added security is becoming an increasingly important part of the value proposition, as Red Hat (RHT), maker of one of the leading Linux enterprise distributions, emphasized this week in a statement on its software subscriptions.

The source code for Red Hat Enterprise Linux (RHEL), Red Hat’s flagship product, is freely available for anyone to download. In fact, it’s so freely available that a competing Linux distribution, CentOS, is basically just the RHEL code, compiled and packaged by a third party. Red Hat doesn’t mind.

That, of course, is because Red Hat focuses on selling software support via subscriptions, rather than the software itself. Traditionally, the pitch for enterprises to buy support centered on keeping software up to date to avoid bugs of various kinds that could have a number of negative effects, of which security holes were only one. Subscriptions also provide help in case something goes wrong, offering an alternative to the do-it-yourself approach that is the default for solving problems in the open source world.

Keeping up to date is still a key part of Red Hat’s value proposition. But in a recent blog post, the company’s vice president of Customer Engagement and Experience, Marco Bill-Peter, homed in on the security dimension of subscription-based software support as a leading reason to become a paying Red Hat customer—especially following the litany of major security scares that occurred in the last year, from Heartbleed to Shellshock.

Of course, since software subscriptions can’t protect enterprises from vulnerabilities that aren’t yet publicly known, paying a vendor for open source support would not actually have completely protected anyone from, say, Heartbleed. But they would have ensured the delivery of a fix as fast as possible, as well as “timely advice, industry-leading security expertise, access to technical information and support, proactive notifications, Customer Portal alerts and articles and a Red Hat Access Labs self-detection tool” to help cope with the issue, according to Bill-Peter.

The lesson for the channel is that, as security threats (along with data privacy compliance) become more serious than ever, open source software vendors have a growing opportunity for pitching the value of software support services. It’s no longer only about having someone to call when Apache crashes and won’t restart.