Product Security Publications

This page contains a collection of Red Hat Product Security articles and blogs on various product security topics. If you have additional security questions, please refer to Security Contacts and Procedures.

See also:

• Product Security overview
• Security glossary

Topic	Publications
Artificial intelligence	Top 10 security architecture patterns for LLM applications Ethics of open and public AI: Balancing transparency and safety Red Hat security ratings for AI models Security and safety of AI systems Security of LLMs and LLM systems: Key risks and safeguards When LLMs day dream: Hallucinations and how to prevent them Why trust open source AI?
Compliance and risk	A Risk-Based Approach to CVE Assessments in Regulated Environments Product Compliance Portal What is FedRAMP? (video)
Secure Development Lifecycle (SDLC)	An Overview of Red Hat’s Secure Development Lifecycle (SDL) practices Recent improvements in Red Hat Enterprise Linux CoreOS security data Red Hat Security Declaration - Secure Software Development Life Cycle RHEL core cryptographic components Securing the Code: Red Hat’s Comprehensive Strategies for Software Security Repair the bridge before it cracks: Understanding vulnerabilities and weaknesses in modern IT
Supply chain security	Software Supply Chain Security Assurance at Red Hat: A Partnership Process Model
Tools and data	Customer Privacy Statement Explaining Red Hat Errata (RHSA, RHBA, and RHEA) Explaining security by design and loosening guides Red Hat CVE Database Red Hat Security Advisory Database Red Hat Security Data (SBOM, CSAF-VEX, OVAL)      Future of Red Hat Security Data: CSAF, VEX, and SBOM      Common Security Advisory Framework (CSAF) beta files now available      CSAF-VEX documents now available      CSAF-VEX technical guidance      Vulnerability Exploitability eXchange (VEX)
Vulnerability Mgt fundamentals	What is a CVE? CWE Compatibility for Red Hat Customer Portal Common Vulnerability Scoring System (CVSS) vs. Risk: Why are we still having this conversation? Demystifying Risk using CVEs and CVSS Do software security features matter in the world of vulnerability remediation? Red Hat Severity ratings      Red Hat security ratings for AI models      Understanding Red Hat's security impact scale What is Vulnerability Management?
Vulnerability Mgt processes	An Open Approach to Vulnerability Management Lifecycle Security Update Policy Product Security Vulnerability Management Understanding Red Hat’s Product Security Incident Response Plan
Vulnerability Mgt tools and solutions	Introducing Red Hat Vulnerability Scanner Certification Vulnerability walkthrough videos Tutorial on how to process vulnerability scans