Security

Source: Red Hat Blog

Deploying confidential containers on the public cloud

<p>In this article we will describe how Microsoft and Red Hat are collaborating in the open source community to show how Red Hat <a href="https://www.redhat.com/en/technologies/cloud-computing/openshift">OpenShift</a> can be deployed on <a href="https://aka.ms/azurecc">Azure Confidential Computing</a> for providing confidential container capabilities to its users. For this purpose, OpenShift uses the</p>

Learn about Confidential Containers

<h3>What are Confidential Containers?</h3> <p><strong><a href="https://github.com/confidential-containers">Confidential Containers</a></strong> (CoCo) is a new sandbox project of the <a href="https://www.cncf.io/">Cloud Native Comput</a></p>

Demystifying risk using CVEs and CVSS

<p>For some time now, the conversation around what poses risk in software vulnerabilities has been evolving. It has been gratifying to hear other voices amplifying what I, and generally Red Hat, have been saying for years: not all vulnerabilities in software matter, and not all vulnerabilities in software are created equal. A number of industry leaders in the security space have been saying this, and those voices are becoming louder and harder to ignore. More importantly, as I talk to customers, the message is beginning to resonate. And that’s for one simple reason:</p>

DISA releases the first Ansible STIG

<p>As IT environments become more complex, especially as cloud-native technologies, cloud services and traditional hardware all interact to meet evolving business demands, automation remains a key organizational strategy. Automation helps manage and maintain operations at a greater scale, speed and agility. Greater IT complexity also dovetails with requirements for enhanced cybersecurity postures, with threats and vulnerabilities changing on a near daily basis. Automation and IT security are not mutually exclusive, but a guidebook to effective configurations that help keep operat</p>

Red Hat OpenShift sandboxed containers for debugging with elevated privileges

<p>When debugging or tracing running workloads in <strong><a href="https://www.redhat.com/en/technologies/cloud-computing/openshift">Red Hat OpenShift</a></strong> deployments, there will frequently be a need to run the workloads with elevated privileges. This is not possible or desirable in production deployments, however, due to the risks to the cluster and other running workloads.</p> <p>In this article we will demonstrate how customers can leverage an</p>

Red Hat Shares – Security automation

<p><em>The Red Hat Shares newsletter helps IT leaders navigate the complicated world of IT―the open source way.</em></p> <div class="rc-title-emphasis">FROM THE EDITOR</div> <h3>De</h3>

How to use Confidential Containers without confidential hardware

<p>The <a href="https://github.com/confidential-containers">Confidential Containers</a> (CoCo) project aims to implement a cloud-native solution for confidential computing using the most advanced <a href="https://en.wikipedia.org/wiki/Trusted_execution_environment">trusted execution environments</a> (TEE) technologies available from hardware vendors like AMD, IBM and Intel. Recently, the first release of the project (</p>

Beyond the STIG: What does “security leadership” really mean?

<p>In the world of <a href="https://access.redhat.com/security/overview">product security</a> and compliance, there’s no shortage of leadership, at least on the surface. But “leadership” doesn’t necessarily mean the same thing across individuals, companies or industries. Practically, what traits should a leader in IT security exhibit? What should they be doing…or not doing? And why do these specific actions matter?</p> <p>Just like the nature of leadership itself, there isn’t an objective ans</p>

Security by design: Security principles and threat modeling

<p>At Red Hat, we recognize the importance of implementing security measures early in the software development life cycle (SDLC), as breaches are becoming more pervasive in today's society. Our work in <a href="https://access.redhat.com/security/overview">Red Hat Product Security</a> is to help minimize the software-based risks of enterprise open source from Red Hat, while affording the many benefits <a href="https://opensource.com/article/17/8/enterprise-open-source-advantages">that open sourc</a></p>

Securing open source development: A supply chain perspective

<p>Product security is the foundation of our software delivery at Red Hat. Developing open source is extraordinary, and we strive for the best standards since our code is open. While this is a broad subject, my focus is secure development, specifically from the supply chain perspective.</p> <h3>Security as a culture</h3> <p>As an engineer on the Supply Chain team, the more I dive into software development, the more I have come to understand that security is a culture. It requires collective involvement fr</p>