Patches in FreeBSD

[Jerry]

Hi All,  

I am being forced to use something besides FreeBSD - probably Susie or 
Red Hat Linux for the base of a server system.   The primary reason
given is that when security issues come along, FreeBSD has no way
of patching the running system, but rather requires rebuilding the
system - CVSUP, make, install, etc whereas Susie and Red Hat can
be patched on the fly.    I presume this means kernel type security
stuff rather than concerns about third party software.

Up to now, I have not been in a situation that doing a cvsup and builds
and installs or even scratch installs of new versions wasn't just fine, 
so that is what I have done and have some experience with.   But the powers 
that be here are saying that is unacceptable because it will take the
system down too much for critical fixes.
   
My question is:   How do I respond to this?   
I have seen the word patch used in security update messages - but 
didn't follow that path.   Is that real?   Does it cover kernel
things essentially on the fly or is a 'time consuming' rebuild 
still needed?

I will look up some stuff on patches in FreeBSD, but would like to
hear some perspective on this.

Thanks,

////jerry