Red Hat Blog

When designing your CI/CD pipelines, security should not be an afterthought for application development. A comprehensive security approach—from code development to implementation—needs to start at Day 0. According to the State of Software Supply Chain report, there has been a 742% average annual rise in software supply chain attacks over the past three years. A Cost of a Data Breach report found that 20% of data breaches are due to a compromised software supply chain. Possibly as a result, almost 1 in 3 respondents of the State of Kubernetes Security report experienced revenue

Runtime pertains to the active execution of a system, which may encompass infrastructure, applications operating within containers, or local systems. Runtime security refers to the security measures implemented while the application is actively running. This is especially important, as revealed by the State of Kubernetes Security Report 2023, where it was observed that 49% of security incidents pertaining to containers and Kubernetes occurred during the runtime phase. Runtime security tools can help to overcome challenges by providing observability and continuous visibility to security tea

This is the third post in a series of blogs looking at cybersecurity focusing on Critical National Infrastructure (CNI) organizations. This post identifies where Red Hat can help organizations reduce their risk using their technology, training, and services. Enterprise security challenges for CNI organizations: Overview Enterprise security challenges for CNI organizations: People and processes Enterprise security challenges for CNI organizations: Technical solutions How can Red Hat help ? Red Hat provides trusted open source software that helps organizations implement security

Red Hat Product Security is pleased to announce that official Red Hat vulnerability data is now available in a new format called the Vulnerability Exploitability eXchange (VEX). In April 2023, we mentioned in an article titled “The future of Red Hat security data”, that Red Hat was working on providing a new security data format. This new format has been created to replace the old OVAL data format, which we aim to deprecate at the end of 2024. Since February 2023, Red Hat has published Red Hat security advisories (RHSAs) in the CSAF format as an official, recommended authoritative sourc

Almost 10 years ago, researchers identified and presented the "triple handshake" man-in-the-middle attack in TLS 1.2. The vulnerability breaks confidentiality of the connection and allows an attacker to impersonate a client. In response, RFC 7627 introduced the Extended Master Secret Extension for TLS 1.2 in September 2015, which prevents the attack. All major TLS libraries now support the Extended Master Secret (EMS) and enable it by default. Unfortunately, many older operating systems and embedded devices such as WiFi access points and home routers do not support it. For example, Red Hat

According to IDC, Linux operating system (OS) environments are expected to grow from 78% in 2021 to 82% in 2026 across physical, virtual, and cloud deployments. Fundamental to that growth is continued assurance that Linux OSs can provide organizations with more powerful and secure foundations upon which to build and run workloads in just about any environment. For decades, Red Hat Enterprise Linux (RHEL) has been the world’s leading enterprise Linux platform, partly because it delivers on those promises of power and a stronger security footprint. The latest version, RHEL 9.2, continues th

Red Hat—the world’s leading provider of open source solutions—is excited to announce the successful completion of the Infosec Registered Assessors Program (IRAP) assessment of Red Hat OpenShift Service on AWS (ROSA). IRAP is managed by the Australian Signals Directorate (ASD). ASD endorses qualified cybersecurity professionals to provide relevant security assessment services which aim to secure broader industry and Australian government systems and data. The IRAP assessment rigorously evaluated ROSA controls and has provided assurance that ROSA aligns with the Australian Information S

Earlier this year, Red Hat engineering took a close look at how to accelerate compression within applications by using 4th Gen Intel Xeon Scalable Processors that include Intel® QuickAssist Technology (Intel® QAT), which can accelerate both compression and encryption. Today we will examine the encryption capabilities and show how to achieve major performance improvements with leading load balancing applications. HAProxy and F5’s NGINX were tested running on Red Hat Enterprise Linux 9.2. Setting up We started with a RHEL 9.2 installation on a system with an Intel Xeon Platinum 8480+ p

To help government agencies and regulated industries embrace cloud-native innovation at scale while enhancing their security posture, we are pleased to announce the publication of the Security Technical Implementation Guide (STIG) from the Defense Information Systems Agency (DISA) for Red Hat OpenShift 4. The guide is available for download at the Department of Defense (DoD) Cyber Exchange. As containers continue to grow in adoption, the number of vulnerabilities and regulatory concerns has increased exponentially. According to Red Hat’s 2023 State of Kubernetes Security Report, 67% of re

This post series presents various forms of attestation for various Confidential Computing use cases. Confidential Computing is a set of technologies designed to protect data in use, for example using memory encryption. Data at rest (on disk) and data in transit (over the network) can already be protected using existing technologies. Attestation, generally speaking, is the process of proving some properties of a system. Attestation plays a central role in asserting that confidential systems are indeed confidential. This series focuses on four primary use cases: Confidential virtual mach