Skip to navigation

Security Contacts and Procedures

Red Hat takes security very seriously, and we aim to take immediate action to address serious security-related problems that involve our products or services.

Please report any suspected security vulnerability in a Red Hat product or service to the Red Hat Security Response Team at secalert@redhat.com. You can use our GPG key to communicate with us securely.

When to Contact the Red Hat Security Response Team

You should contact the Security Response Team if:

  • You think there may be a security vulnerability in a Red Hat product or service.
  • You are unsure about how a known vulnerability affects a Red Hat product or service.
  • You want to provide feedback about our standards of service and performance. If you feel your comment or complaint is not dealt with in a satisfactory manner, please contact the customer service manager at customerservice@redhat.com.
  • You can contact us in English. The Security Response Team is unable to respond in other languages. If you require assistance in another language, please contact Red Hat Global Support Services.

When Not to Contact the Red Hat Security Response Team

You should NOT contact the Security Response Team if:

  • You need assistance in a language other than English.
  • You require technical assistance (for example, "how do I configure my firewall?").
  • You need help upgrading packages due to security alerts. Refer to How do I apply package updates from the Red Hat Network? for information on upgrading packages.
  • Your issue is not security related.

In any of these cases, please contact Red Hat Global Support Services instead.

Who Reads Email Sent to secalert@redhat.com?

Only members of the Red Hat Security Response Team, a restricted and carefully chosen group of Red Hat employees, will have access to material sent to the secalert@redhat.com address. No outside users can subscribe to this list.

What to Send to secalert@redhat.com

Please provide as much information about your system and the issue as possible when contacting the list.

How to Contact Us Securely

The Red Hat Security Response Team uses a GNU Privacy Guard (GnuPG or GPG) key to secure communications. Mail sent to secalert@redhat.com can be encrypted with this public key. We expect to change the key we use from time to time. Should we change the key, the previous keys will be revoked and the rhsa-announce mailing list will be notified of the change.

650d5882: Red Hat, Inc. (Security Response Team) <secalert@redhat.com>

This key is used for communicating securely with the Red Hat Security Response Team and for signing the security advisories posted to mailing lists.

Download: Red Hat
Download: pgp.mit.edu
Fingerprint: 9273 2337 E5AD 3417 5265 64AB 5E54 8083 650D 5882

Please do not send messages encrypted with this public key to any address other than security@redhat.com and secalert@redhat.com. We are unable to accept any non–security-related email which is encrypted with this public key.

How We Respond

Email sent to secalert@redhat.com is read and acknowledged with a non-automated response within three working days. For issues that are complicated and require significant attention, we will open an investigation and keep you informed of our progress every five working days at minimum. Alternatively, we will provide you with a mechanism to check the status of our progress at any time.

Any information you share with us about security issues that are not public knowledge is kept confidential within Red Hat. It is not passed on to any third-party without your permission.

Advance Notification

Red Hat does not provide an advance notification service. Security advisories are available from the security team and via the Red Hat Network.