Red Hat Security Blog: April 2017 archives

  • Security Scoring and Grading for Container Images

    We have just rolled out an update to the interface of the Red Hat Container Catalog that attempts to answer the question of whether or not a particular container image available in the Container Catalog can be considered secure. In the interest of transparency, and of providing as much information as is available so that users can deploy the right container image for their needs, we are excited about these new capabilities in the Red Hat Container Catalog and wanted to give a little insight on our rationale....
    Posted 2017-04-25T16:26:09+00:00 - 0
  • Join us at Red Hat Summit 2017

    As you’ve probably heard, this year’s Red Hat Summit is in Boston May 2-4. Product Security is looking forward to taking over multiple sessions and activities over the course of those 3 days, and we wanted to give you a sneak peek of what we have planned. Sessions There will be A LOT of Product Security sessions including: Tuesday, May 2 Time Session Title Room 10:15-11:00AM L102598 - Practical OpenSCAP—Security standard compliance and reporting Room 252B 10:15-11:00AM S102106 - Red...
    Posted 2017-04-19T13:30:00+00:00 - 0
  • Determining your risk

    Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and recently launched an API Service that allows easier (and searchable) access to the same data. This data is important to administrators for understanding what known security problems exist and determining what they should do about them. Pitfalls of comparing version numbers...
    Posted 2017-04-12T13:30:00+00:00 - 0
  • Changes coming to TLS: Part Two

    In the first part of this two-part blog we covered certain performance-improving features of TLS 1.3, namely 1-RTT handshakes and 0-RTT session resumption. In this part we shall discuss some security and privacy improvements. Remove Obsolete and insecure cryptographic primitives Remove RSA Handshakes When RSA is used for key establishment there is no forward secrecy, which basically means that an adversary can record the encrypted conversation between the client and the server and later if it...
    Posted 2017-04-05T13:30:00+00:00 - 3