Red Hat Product Security believes that everyone, everywhere, is entitled to the access and quality information needed to mitigate security and privacy risks. We strive to protect communities of customers, contributors, and partners from digital security threats. We believe open source principles are the best way to achieve this.
Our mission is to:Protect customers by empowering Red Hat to design, build, and operate trustworthy solutions, while engaging in open ecosystems. We accomplish this through three major functional areas:
- Focusing on the requirements phase of the traditional SDL and enabling customers to attain critical certifications to support Red Hat's open hybrid cloud strategy and market success
- Driving the cycle of continuous security improvements in Red Hat’s productization pipelines. Supporting the systems and teams that store, manipulate, and package products and services to ensure the confidentiality, availability, and integrity of Red Hat’s products and services
- Supporting Red Hat Global Engineering with clear, open, and efficient secure development and vulnerability management practices
Stay in touch
Security Support Policies
Working with You, for You
Red Hat Product Security:
- Reads and responds (non-automated) to all email communication within three working days.
- Keeps you informed. If the issue you tell us about is complicated and requires greater attention from our technical staff, we contact you to explain this and when to expect a more detailed response. If prolonged investigations are necessary, we will provide you with a mechanism to check the status of our progress at any time.
- Works with you to identify other organizations, such as other open source software vendors, that you may wish to also contact about the issue.
- Directs all customers without security-related inquiries to more appropriate contact points.
Treating Your Communication in Confidence
We want you to feel you can share information about security issues with us in confidence. If the information you share with us is not already public knowledge, we will:
- Keep the information you share with Red Hat Product Security confidential within Red Hat, unless you have agreed otherwise.
- Give you a mechanism to communicate with us over a secure channel.
- Not share the information you send to us with any third-parties (including CERT, MITRE, or our partners and customers) without your agreement.
- Expect you to treat communication from us in the same way, and to inform us if you communicate details of the issue to any other party.
Ensuring your Red Hat Products are Secure
The heart of Red Hat’s security response capabilities is a carefully designed and thoroughly validated process for managing vulnerabilities. At Red Hat, stable code is backed by a strong security team.
Red Hat Product Security ensures Red Hat products are secured by:
- Identifying security issues
- Assessing the severity
- Creating updates
- Notifying customers
- Distributing updates
Give us Your Feedback
The policies on this page allow you to hold us accountable for our performance. We would like to hear from you if you have any feedback on our standards of service and performance. Contact Red Hat Product Security first, and if you feel your comment or complaint is not handled in a satisfactory manner, please contact the customer service manager at firstname.lastname@example.org.
Making you aware of risks
Today, more and more security vulnerabilities receive media attention.
Red Hat Product Security provides objective information about security risks that affect you, regardless of possible media hype. We use the following workflow to communicate accurate information about how these vulnerabilities affect you, so you can make informed decisions.
Red Hat Insights
Get actionable security intelligence regarding suggested improvements to deployed Red Hat software.
Protect your infrastructure with increased visibility and address security risks before they strike.