November: What have we been doing for you?

The Red Hat Product Security Team is constantly working behind the scenes to protect our customers.  Here are just a few things that we’ve been working on in November:

• victi.ms project - We're now using victi.ms data to help check our JAR files for embedded vulnerabilities.  This helps identify vulnerabilities and keeps them out of Red Hat products.
• Security Feature Matrix – We reported on the Security Feature Matrix last month and we continue to do research and make changes in our products based on information posted here.
• Package hardening in Fedora - GCC allows for several hardening features that are not always being used.  We're working with Fedora Engineering to identify these packages and implement these hardening features to better protect users.
• Assigning CVEs for Open Source software – One of the services Red Hat provides is working with open source software developers on security vulnerabilities discovered in their code.  Each month we assign roughly 100 CVEs.

These and many other projects are on our work benches.  Please stay tuned to hear more about our work and research in upcoming posts.