Product Security Center

Red Hat provides the guidance and stability needed to confidently deploy your solutions

Red Hat Secure Development Lifecycle practices

Our industry-aligned Secure Development Lifecycle (SDL) practices assure that Red Hat produces secure, high-quality software to meet our customers' business needs. We secure both our code and supply chain infrastructure through scans and testing, and use threat models and weakness patterns to design and build with security as a primary objective.

About security

Red Hat response

Our Incident Response team manages all security vulnerabilities reported or discovered within Red Hat software. We establish the baseline on which Red Hat classifies the severity of vulnerabilities. That severity drives the risk to Red Hat software, its customers, and the overall ecosystem, and therefore determines the orchestration of efforts necessary to respond to incidents.

Red Hat security engineers analyze and track all known vulnerabilities. Our security classifications are used to prioritize all risks, and we work with each of our engineering teams to resolve those risks. We then disclose these risks in an open manner using industry formats and standards such as OVAL, CSAF, and CVRF, as well as our CVE pages and security API.


Compliance and risk

The Compliance and Risk (PSCR) group brings together several disparate functions to focus on accelerating security requirement implementation and compliance framework achievement. PSCR participates in the requirements phase of the traditional Software Development Lifecycle (SDLC) and in the validation of successful requirement implementation. The group also coordinates the planning of security certification efforts across Red Hat service and product portfolios. This coordination effort includes attaining security certifications across the Global Engineering portfolio to support Red Hat’s open hybrid cloud strategy and market success in restricted sales markets.

PSCR informs security and risk decisions across Product Security and Global Engineering by developing tools and solutions that automate security and compliance functions and by conducting critical analysis functions.

This work differentiates Red Hat from other open-source vendors by including requirements definitions for products and improvements in security metadata.

Security and privacy

Notifications

Receive email notifications of security updates, bug fixes, and enhancements, also known as errata.

Errata notifications are controlled based on your method of subscription management.

Report a new vulnerability

Suspected security vulnerabilities in a Red Hat product or service should be sent to secalert@redhat.com.

Your correspondence with us will be kept in the strictest confidence.

Report a new Information Security incident

Incident reports should be sent to infosec@redhat.com.

Your correspondence with us will be kept in the strictest confidence.

Red Hat Insights

Give your business the ability to predict and prevent problems before they occur
