Red Hat Product Security provides the guidance, stability and security needed to confidently deploy enterprise solutions.
Our mission is to:
- Advance the open source security landscape by collaborating with communities of customers, contributors, and partners to protect against privacy and security risks.
- Investigate, track and explain security issues that may affect users of Red Hat supported products and services.
- Be the point of contact for customers, users, and researchers who have found security issues in our products and services and publish the procedures for dealing with these issues.
- Ensure timely security fixes and ensure our customers can easily find, obtain, and understand security advisories and updates for our supported products and services, according to their life cycles.
- Help customers keep their systems updated to minimize the risk of security issues and provide automated analysis / enforcement of security practices.
- Work with other vendors of Linux and open source software to reduce the risk of security issues through information sharing and peer review.
Stay in touch
Security Support Policies
Working with You, for You
Red Hat Product Security:
- Reads and responds (non-automated) to all email communication within three working days.
- Keeps you informed. If the issue you tell us about is complicated and requires greater attention from our technical staff, we contact you to explain this and when to expect a more detailed response. If prolonged investigations are necessary, we will provide you with a mechanism to check the status of our progress at any time.
- Works with you to identify other organizations, such as other open source software vendors, that you may wish to also contact about the issue.
- Directs all customers without security-related inquiries to more appropriate contact points.
Treating Your Communication in Confidence
We want you to feel you can share information about security issues with us in confidence. If the information you share with us is not already public knowledge, we will:
- Keep the information you share with Red Hat Product Security confidential within Red Hat, unless you have agreed otherwise.
- Give you a mechanism to communicate with us over a secure channel.
- Not share the information you send to us with any third-parties (including CERT, MITRE, or our partners and customers) without your agreement.
- Expect you to treat communication from us in the same way, and to inform us if you communicate details of the issue to any other party.
Ensuring your Red Hat Products are Secure
The heart of Red Hat’s security response capabilities is a carefully designed and thoroughly validated process for managing vulnerabilities. At Red Hat, stable code is backed by a strong security team.
Red Hat Product Security ensures Red Hat products are secured by:
- Identifying security issues
- Assessing the severity
- Creating updates
- Notifying customers
- Distributing updates
Give us Your Feedback
The policies on this page allow you to hold us accountable for our performance. We would like to hear from you if you have any feedback on our standards of service and performance. Contact Red Hat Product Security first, and if you feel your comment or complaint is not handled in a satisfactory manner, please contact the customer service manager at firstname.lastname@example.org.
Making you aware of risks
Today, more and more security vulnerabilities receive media attention.
Red Hat Product Security provides objective information about security risks that affect you, regardless of possible media hype. We use the following workflow to communicate accurate information about how these vulnerabilities affect you, so you can make informed decisions.
Red Hat Insights
Get actionable security intelligence regarding suggested improvements to deployed Red Hat software.
Protect your infrastructure with increased visibility and address security risks before they strike.