Red Hat Security Blog: January 2013 archives

  • A minimal security response process

    This blog post outlines a lightweight security response process for community upstream projects: What you (as a project maintainer or contributor) can do to be prepared for incoming reports of security vulnerabilities, and to eventually respond with a security update. This is purely reactive - it is not about not shipping vulnerable code in the first place. But it is an important step in the right direction, and one that requires relatively little effort. Release engineering Without a...
    Posted 2013-01-30T13:00:12+00:00
  • Enterprise Linux 5.8 to 5.9 risk report

    Red Hat Enterprise Linux 5.9 was released this month (January 2013), just under a year since the release of 5.8 in February 2012. So let's use this opportunity to take a quick look back over the vulnerabilities and security updates made in that time, specifically for Red Hat Enterprise Linux 5 Server. Red Hat Enterprise Linux 5 is coming up to its sixth year since release, and will receive security updates until March 31st 2017. Errata count The chart below illustrates the total number of...
    Posted 2013-01-16T13:00:55+00:00
  • Detecting vulnerable Java dependencies at build time

    Background Java is a very popular programming language. Two key reasons for its popularity are security and the availability of a huge ecosystem of libraries and components. Since most Java applications make use of a wide range of libraries, which in turn have dependencies on other libraries, it is difficult to ensure the integrity of these applications from a security perspective. A recent study by Aspect Security has revealed the significance of this problem. This study found that 26% of...
    Posted 2013-01-02T13:00:20+00:00