Product Security

Red Hat Product Security believes that everyone, everywhere, is entitled to the access and quality information needed to mitigate security and privacy risks. We strive to protect communities of customers, contributors, and partners from digital security threats. We believe open source principles are the best way to achieve this.

Our mission is to:

Protect customers by empowering Red Hat to design, build, and operate trustworthy solutions, while engaging in open ecosystems.

We accomplish this through three major functional areas:

  • Focusing on the requirements phase of the traditional SDL and enabling customers to attain critical certifications to support Red Hat's open hybrid cloud strategy and market success.
  • Driving the cycle of continuous security improvements in Red Hat’s productization pipelines. Supporting the systems and teams that store, manipulate, and package products and services to assure the confidentiality, availability, and integrity of Red Hat’s products and services.
  • Supporting Red Hat Global Engineering with clear, open, and efficient secure development and vulnerability management practices.

Top resources

Red Hat Security Blog

Security blogs published by Red Hat experts. Posts for 2018 and previous years can be found at our historical blog address.

Red Hat Security Articles

Security articles published by Red Hat experts.

Severity Ratings

Red Hat Product Security provides a prioritized risk assessment to help you understand and schedule upgrades to your systems.

Backporting Policies

Makes certain that automated updates to customers can be deployed with minimal risk.

Product Signing Keys

Red Hat Product Security uses a number of OpenPGP keys to verify software updates.

Security Data

Red Hat Product Security are committed to providing tools and security data to help security measurement.

Notifications and Advisories

Red Hat errata and advisory policy on advance notification and acknowledgement.

Stay in touch

Contacting Red Hat Product Security

Refer to the Security Contacts and Procedures page for information on how and when to report a security issue in a Red Hat product or service.

Contact us

Security Update Notifications

Subscribe to email notifications for newly issued security updates. Set preferences for system or subscription level, as well as frequency.

Get notified

Interested in joining our team?

Learn more about jobs in Red Hat Product Security.

Security Support Policies

Working with You, for You

Red Hat Product Security:

  • Reads and responds (non-automated) to all email communication within three working days.
  • Keeps you informed. If the issue you tell us about is complicated and requires greater attention from our technical staff, we contact you to explain this and when to expect a more detailed response. If prolonged investigations are necessary, we will provide you with a mechanism to check the status of our progress at any time.
  • Works with you to identify other organizations, such as other open source software vendors, that you may wish to also contact about the issue.
  • Directs all customers without security-related inquiries to more appropriate contact points.

Treating Your Communication in Confidence

We want you to feel you can share information about security issues with us in confidence. If the information you share with us is not already public knowledge, we will:

  • Keep the information you share with Red Hat Product Security confidential within Red Hat, unless you have agreed otherwise.
  • Give you a mechanism to communicate with us over a secure channel.
  • Not share the information you send to us with any third-parties (including CERT, MITRE, or our partners and customers) without your agreement.
  • Expect you to treat communication from us in the same way, and to inform us if you communicate details of the issue to any other party.

Ensuring your Red Hat Products are Secure

The heart of Red Hat’s security response capabilities is a carefully designed and thoroughly validated process for managing vulnerabilities. At Red Hat, stable code is backed by a strong security team.

Red Hat Product Security ensures Red Hat products are secured by:

  • Identifying security issues
  • Assessing the severity
  • Creating updates
  • Notifying customers
  • Distributing updates

Give us Your Feedback

The policies on this page allow you to hold us accountable for our performance. We would like to hear from you if you have any feedback on our standards of service and performance. Contact Red Hat Product Security first, and if you feel your comment or complaint is not handled in a satisfactory manner, please contact the customer service manager at customerservice@redhat.com.

Making you aware of risks

Today, more and more security vulnerabilities receive media attention.

Red Hat Product Security provides objective information about security risks that affect you, regardless of possible media hype. We use the following workflow to communicate accurate information about how these vulnerabilities affect you, so you can make informed decisions.

Red Hat Insights

Get actionable security intelligence regarding suggested improvements to deployed Red Hat software.

Protect your infrastructure with increased visibility and address security risks before they strike.

Learn More