Red Hat Product Security provides the guidance, stability and security needed to confidently deploy enterprise solutions.
An Open Approach to Vulnerability Management
Over the years, Red Hat has published a large number of articles, blogs and other resources that describe different facets of how we handle security vulnerabilities in our products. This document builds on those efforts and brings them together to help our customers and communities better understand how Red Hat categorizes, addresses and responds to security vulnerabilities.
Download An Open Approach to Vulnerability Management.
Last updated: March 28, 2024
Video details
An Open Approach to Vulnerability Management
From Vincent Danen September 16th, 2022
This presentation was first given at the Calgary Security Symposium in spring 2022, and subsequently at Summit Connect events in the fall. Based on the Open Approach to Vulnerability Management whitepaper, this presentation describes Red Hat's methodology for vulnerability management in enterprise open source software.
Vulnerability support
- Security-related information is managed and provided by the Product Security team.
- Red Hat cannot give more detailed information in a support case than is provided on the CVE, Errata, or related Security Bulletin pages.
- Red Hat cannot provide information on mitigations or reproducers other than what is described on the CVE, Errata, or related Security Bulletin pages.
Security Alerts, Bug Fixes, and Enhancements
- Active Products
- Container Health Index
- Incident Response Plan template
- Life Cycle Security Update Policy
- Processing Vulnerability Scans
- Product Life Cycle & Update Policies
- Security contacts and procedures
- Unsupported Products