Product Security Publications

This page contains a collection of Red Hat Product Security articles and blogs on various product security topics. If you have additional security questions, please refer to Security Contacts and Procedures.

See also:

Topic	Publications
Artificial intelligence	Ethics of open and public AI: Balancing transparency and safety Red Hat security ratings for AI vulnerabilities Security and safety of AI systems Security of LLMs and LLM systems: Key risks and safeguards Top 10 security architecture patterns for LLM applications When bots commit: AI-generated code in open source projects When LLMs day dream: Hallucinations and how to prevent them Why trust open source AI? Security beyond the model: Introducing AI system cards
Compliance and risk	A Risk-Based Approach to CVE Assessments in Regulated Environments Product Compliance Portal What is FedRAMP? (video) How Red Hat’s Risk-based Vulnerability Management methodology aligns to PCI DSS v4
Secure Development Lifecycle (SDLC)	An Overview of Red Hat’s Secure Development Lifecycle (SDL) practices Recent improvements in Red Hat Enterprise Linux CoreOS security data Red Hat Security Declaration - Secure Software Development Life Cycle RHEL core cryptographic components Securing the Code: Red Hat’s Comprehensive Strategies for Software Security Repair the bridge before it cracks: Understanding vulnerabilities and weaknesses in modern IT
Supply chain security	Software Supply Chain Security Assurance at Red Hat: A Partnership Process Model Multiple Supply Chain Attacks against npm Packages
Tools and data	Customer Privacy Statement Explaining Red Hat Errata (RHSA, RHBA, and RHEA) Explaining security by design and loosening guides Red Hat CVE Database Red Hat Security Advisory Database Red Hat Security Data (SBOM, CSAF-VEX, OVAL) Future of Red Hat Security Data: CSAF, VEX, and SBOM Common Security Advisory Framework (CSAF) beta files now available CSAF-VEX documents now available CSAF-VEX technical guidance Vulnerability Exploitability eXchange (VEX)
Vulnerability Mgt fundamentals	What is a CVE? CWE Compatibility for Red Hat Customer Portal Common Vulnerability Scoring System (CVSS) vs. Risk: Why are we still having this conversation? Demystifying Risk using CVEs and CVSS Do software security features matter in the world of vulnerability remediation? Ratings: Container images guidelines Red Hat Severity ratings Red Hat security ratings for AI models Understanding Red Hat's security impact scale What is Vulnerability Management?
Vulnerability Mgt processes	An Open Approach to Vulnerability Management Lifecycle Security Update Policy Product Security Vulnerability Management Red Hat Vulnerability Management and Lifecycle
Vulnerability Mgt tools and solutions	Introducing Red Hat Vulnerability Scanner Certification Vulnerability walkthrough videos Tutorial on how to process vulnerability scans

Quick Links

Help

Site Info

Related Sites

© 2025 Red Hat