Product Security Center

Red Hat provides the guidance and stability needed to confidently deploy your solutions

Red Hat Secure Development Lifecycle practices

Our industry-aligned Secure Development Lifecycle (SDL) practices ensure that Red Hat produces trustworthy, high-quality software to meet our customers' business needs. We harden both our code and supply chain infrastructure through scans and testing, and utilize threat models and weakness patterns to design and build with security as a primary objective.

About security

Red Hat response

Red Hat Product Security manages all security vulnerabilities reported or discovered within Red Hat software. We assess and classify the level of severity for vulnerabilities, which is used to indicate risk to Red Hat software, its customers, and the overall ecosystem. This classification then determines the orchestration of efforts necessary to respond to incidents.

Red Hat Product Security engineers analyze and track all known vulnerabilities. Our security classifications are used to prioritize risk in our software, and we work with each of our engineering teams to resolve those risks. We then disclose these risks in an open manner using industry formats and standards such as OVAL, CSAF, and CVRF, as well as our CVE pages and security API.

Compliance

Red Hat concentrates on product compliance by bringing together several disparate functions to focus on accelerating security requirement implementation and compliance framework achievement. Product Security:

  • Participates in the requirements phase of the traditional Software Development Lifecycle (SDLC) and the validation of successful requirement implementation.

  • Coordinates the planning of security certification efforts across Red Hat service and product portfolios to support Red Hat’s open hybrid cloud strategy and market success in restricted sales markets.

  • Informs security and risk decisions across Red Hat by developing tools and solutions that automate security and compliance functions, and conducting critical analysis functions.

Security and privacy

Security help and learning

Security guides

Notifications

Receive email notifications of security updates, bug fixes, and enhancements, also known as errata.

Errata notifications are controlled based on your method of subscription management.

Report a new vulnerability

Suspected security vulnerabilities in a Red Hat product or service should be sent to secalert@redhat.com.

Your correspondence with us will be kept in the strictest confidence.

Report a new Information Security incident

Incident reports should be sent to infosec@redhat.com.

Your correspondence with us will be kept in the strictest confidence.

Red Hat Insights

Give your business the ability to predict and prevent problems before they occur
