Red Hat Blog

Trust is something we encounter every day in many different contexts, whether it’s with people, institutions or products. With trust comes vulnerability–an especially uncomfortable concept for those of us primarily concerned with security. No one wants their systems to be vulnerable, but if you really want to understand the security posture of your system, you need to understand what you are trusting and how it could expose you.What is trust?Zero trust is a term that’s getting a lot of buzz, but it can be a bit of a misnomer. It's not so much zero trust, but zero implicit trust. Nothing

Protecting intellectual property and proprietary artificial intelligence (AI) models has become increasingly important in today's business landscape. Unauthorized access can have disastrous consequences with respect to competitiveness, compliance and other vital factors, making it essential to implement leading security measures. Confidential computing is one of these technologies, using hardware-based trusted execution environments (TEEs) to create enclaves with strengthened security postures. These enclaves help protect sensitive data and computations from unauthorized access, even by pr

When designing your CI/CD pipelines, security should not be an afterthought for application development. A comprehensive security approach—from code development to implementation—needs to start at Day 0. According to the State of Software Supply Chain report, there has been a 742% average annual rise in software supply chain attacks over the past three years. A Cost of a Data Breach report found that 20% of data breaches are due to a compromised software supply chain. Possibly as a result, almost 1 in 3 respondents of the State of Kubernetes Security report experienced revenue

Runtime pertains to the active execution of a system, which may encompass infrastructure, applications operating within containers, or local systems. Runtime security refers to the security measures implemented while the application is actively running. This is especially important, as revealed by the State of Kubernetes Security Report 2023, where it was observed that 49% of security incidents pertaining to containers and Kubernetes occurred during the runtime phase. Runtime security tools can help to overcome challenges by providing observability and continuous visibility to security tea

This is the third post in a series of blogs looking at cybersecurity focusing on Critical National Infrastructure (CNI) organizations. This post identifies where Red Hat can help organizations reduce their risk using their technology, training, and services. Enterprise security challenges for CNI organizations: Overview Enterprise security challenges for CNI organizations: People and processes Enterprise security challenges for CNI organizations: Technical solutions How can Red Hat help ? Red Hat provides trusted open source software that helps organizations implement security

Red Hat Product Security is pleased to announce that official Red Hat vulnerability data is now available in a new format called the Vulnerability Exploitability eXchange (VEX). In April 2023, we mentioned in an article titled “The future of Red Hat security data”, that Red Hat was working on providing a new security data format. This new format has been created to replace the old OVAL data format, which we aim to deprecate at the end of 2024. Since February 2023, Red Hat has published Red Hat security advisories (RHSAs) in the CSAF format as an official, recommended authoritative sourc

Almost 10 years ago, researchers identified and presented the "triple handshake" man-in-the-middle attack in TLS 1.2. The vulnerability breaks confidentiality of the connection and allows an attacker to impersonate a client. In response, RFC 7627 introduced the Extended Master Secret Extension for TLS 1.2 in September 2015, which prevents the attack. All major TLS libraries now support the Extended Master Secret (EMS) and enable it by default. Unfortunately, many older operating systems and embedded devices such as WiFi access points and home routers do not support it. For example, Red Hat

According to IDC, Linux operating system (OS) environments are expected to grow from 78% in 2021 to 82% in 2026 across physical, virtual, and cloud deployments. Fundamental to that growth is continued assurance that Linux OSs can provide organizations with more powerful and secure foundations upon which to build and run workloads in just about any environment. For decades, Red Hat Enterprise Linux (RHEL) has been the world’s leading enterprise Linux platform, partly because it delivers on those promises of power and a stronger security footprint. The latest version, RHEL 9.2, continues th

Red Hat—the world’s leading provider of open source solutions—is excited to announce the successful completion of the Infosec Registered Assessors Program (IRAP) assessment of Red Hat OpenShift Service on AWS (ROSA). IRAP is managed by the Australian Signals Directorate (ASD). ASD endorses qualified cybersecurity professionals to provide relevant security assessment services which aim to secure broader industry and Australian government systems and data. The IRAP assessment rigorously evaluated ROSA controls and has provided assurance that ROSA aligns with the Australian Information S

Earlier this year, Red Hat engineering took a close look at how to accelerate compression within applications by using 4th Gen Intel Xeon Scalable Processors that include Intel® QuickAssist Technology (Intel® QAT), which can accelerate both compression and encryption. Today we will examine the encryption capabilities and show how to achieve major performance improvements with leading load balancing applications. HAProxy and F5’s NGINX were tested running on Red Hat Enterprise Linux 9.2. Setting up We started with a RHEL 9.2 installation on a system with an Intel Xeon Platinum 8480+ p