Red Hat Product Security provides the guidance, stability and security needed to confidently deploy enterprise solutions.

Our mission is to:

  • Advance the open source security landscape by collaborating with communities of customers, contributors, and partners to protect against privacy and security risks.
  • Investigate, track and explain security issues that may affect users of Red Hat supported products and services.
  • Be the point of contact for customers, users, and researchers who have found security issues in our products and services and publish the procedures for dealing with these issues.
  • Ensure timely security fixes and ensure our customers can easily find, obtain, and understand security advisories and updates for our supported products and services, according to their life cycles.
  • Help customers keep their systems updated to minimize the risk of security issues and provide automated analysis / enforcement of security practices.
  • Work with other vendors of Linux and open source software to reduce the risk of security issues through information sharing and peer review.

Top resources

Red Hat Security Blog

Security articles published by experts at Red Hat. Posts for 2018 and previous years can be found at our historical blog address.

Security Data

Red Hat Product Security are committed to providing tools and security data to help security measurement.

Severity Ratings

Red Hat Product Security provides a prioritized risk assessment to help you understand and schedule upgrades to your systems.

Backporting Policies

Ensures automated updates to customers can be deployed with minimal risk.

Product Signing Keys

Red Hat Product Security uses a number of OpenPGP keys to verify software updates.

Notifications and Advisories

Red Hat errata and advisory policy on advance notification and acknowledgement.

Stay in touch

Contacting Red Hat Product Security

Refer to the Security Contacts and Procedures page for information on how and when to report a security issue in a Red Hat product or service.

Contact us

Security Update Notifications

Subscribe to email notifications for newly issued security updates. Set preferences for system or subscription level, as well as frequency.

Get notified

Security Support Policies

Working with You, for You

Red Hat Product Security:

  • Reads and responds (non-automated) to all email communication within three working days.
  • Keeps you informed. If the issue you tell us about is complicated and requires greater attention from our technical staff, we contact you to explain this and when to expect a more detailed response. If prolonged investigations are necessary, we will provide you with a mechanism to check the status of our progress at any time.
  • Works with you to identify other organizations, such as other open source software vendors, that you may wish to also contact about the issue.
  • Directs all customers without security-related inquiries to more appropriate contact points.

Treating Your Communication in Confidence

We want you to feel you can share information about security issues with us in confidence. If the information you share with us is not already public knowledge, we will:

  • Keep the information you share with Red Hat Product Security confidential within Red Hat, unless you have agreed otherwise.
  • Give you a mechanism to communicate with us over a secure channel.
  • Not share the information you send to us with any third-parties (including CERT, MITRE, or our partners and customers) without your agreement.
  • Expect you to treat communication from us in the same way, and to inform us if you communicate details of the issue to any other party.

Ensuring your Red Hat Products are Secure

The heart of Red Hat’s security response capabilities is a carefully designed and thoroughly validated process for managing vulnerabilities. At Red Hat, stable code is backed by a strong security team.

Red Hat Product Security ensures Red Hat products are secured by:

  • Identifying security issues
  • Assessing the severity
  • Creating updates
  • Notifying customers
  • Distributing updates

Give us Your Feedback

The policies on this page allow you to hold us accountable for our performance. We would like to hear from you if you have any feedback on our standards of service and performance. Contact Red Hat Product Security first, and if you feel your comment or complaint is not handled in a satisfactory manner, please contact the customer service manager at

Making you aware of risks

Today, more and more security vulnerabilities receive media attention.

Red Hat Product Security provides objective information about security risks that affect you, regardless of possible media hype. We use the following workflow to communicate accurate information about how these vulnerabilities affect you, so you can make informed decisions.

Red Hat Insights

Get actionable security intelligence regarding suggested improvements to deployed Red Hat software.

Protect your infrastructure with increased visibility and address security risks before they strike.

Learn More