Security Operating Approvals - How Red Hat manages risk in its Software Supply Chain

The Security Operating Approval (SOA) is a fundamental procedure at Red Hat, led by our Product Security team, to ensure that our Software Supply Chain consistently upholds stringent security standards. This process serves as an essential checkpoint. Every system within our Products and Global Engineering departments with the capability to process, handle, or modify code must secure this approval before being green-lighted for integration into our production pipeline.

Our steadfast commitment to the SOA process underscores a singular, paramount objective: mitigating risks to our customers. It's not just about adhering to industry norms or ticking boxes; it's about helping ensure that every piece of software, every service, and every product that reaches our customers is trusted and reliable. By doing this, we enhance the inherent value of Red Hat Software and strengthen your trust in our brand.

Diving deeper into the SOA process reveals a comprehensive and methodical approach to security. System owners must provide extensive security documentation for Product Security review to receive their approval to operate. Documentation includes, but is not limited to, detailed architectural blueprints, system design documentation, data flow charts, evidence of adherence to established and internationally recognized cybersecurity benchmarks, and entry into our corporate catalog and monitoring systems.