Product Security Publications

This page contains a collection of Red Hat Product Security articles and blogs on various product security topics. If you have additional security questions, please refer to Security Contacts and Procedures.

Topic Publications
Artificial intelligence
Top 10 security architecture patterns for LLM applications
Red Hat security ratings for AI models
Security and safety of AI systems
Security of LLMs and LLM systems: Key risks and safeguards
When LLMs day dream: Hallucinations and how to prevent them
Why trust open source AI?
Compliance and risk
A Risk-Based Approach to CVE Assessments in Regulated Environments
Compliance Activities and Government Standards
What is FedRAMP? (video)
Secure Development Lifecycle (SDL)
An Overview of Red Hat’s Secure Development Lifecycle (SDL) practices
Red Hat Security Declaration - Secure Software Development Life Cycle
RHEL core cryptographic components
Securing the Code: Red Hat’s Comprehensive Strategies for Software Security
Supply chain security
Software Supply Chain Security Assurance at Red Hat: A Partnership Process Model
Tools and data
Customer Privacy Statement
Explaining Red Hat Errata (RHSA, RHBA, and RHEA)
Explaining security by design and loosening guides
Red Hat CVE Database
Red Hat Security Advisory Database
Red Hat Security Data (SBOM, CSAF-VEX, OVAL)
     Future of Red Hat Security Data: CSAF, VEX, and SBOM
     CSAF-VEX documents now available
     CSAF-VEX technical guidance
     Vulnerability Exploitability eXchange (VEX)
Vulnerability Mgt fundamentals
What is a CVE?
CWE Compatibility for Red Hat Customer Portal
Demystifying Risk using CVEs and CVSS
Red Hat Severity ratings
     Red Hat security ratings for AI models
     Understanding Red Hat's security impact scale
What is Vulnerability Management?
Vulnerability Mgt processes
An Open Approach to Vulnerability Management
Lifecycle Security Update Policy
Product Security Vulnerability Management
Understanding Red Hat’s Product Security Incident Response Plan
Vulnerability Mgt tools and solutions
Introducing Red Hat Vulnerability Scanner Certification
Vulnerability walkthrough videos
Tutorial on how to process vulnerability scans