Red Hat Blog

<h2><span><span><span><span><span><span>Introduction to attestation</span></span></span></span></span></span></h2> <p><span><span><span><span><span><span>Attestation is a confidential computing keystone. With attestation, workload owners can fully assert the trustworthiness of the hardware and software

<p><span><span><span><span><span><span>A private registry can be useful for storing Linux </span></span></span></span></span></span><a href="https://www.redhat.com/en/topics/containers"><span><span><span><span><span><span><span><span>container images</span>&am

<p><span><span><span><span><span><span>How many people does it take to buy a pair of shoes? It’s kind of a trick question. In a literal sense, it takes you and the person you are interacting with (assuming you are in a physical store). But the spirit of the question is: How many people are involved in the process of buying a pair of shoes? There’s a salesperson, store manager, shipping and logistics companies, the manufacturer of the shoes, manufacturers of the tools and equipment, manufacture

<p><span><span><span><span><span><span>On November 8th, 2022, Microsoft released a series of security updates for various Windows operating systems to fix two security issues:</span></span></span></span></span></span></p> <ul> <li aria-level="1"><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966"&

<p><span><span><span><span><span><span>The OpenSSL project published </span></span></span></span></span></span><a href="https://www.openssl.org/news/secadv/20221101.txt"><span><span><span><span><span><span><span><span>two important impact security flaws</span>

<p><span><span><span><span><span><span>Vulnerabilities in software are a global concern, and open source software is no different from proprietary software in this regard. Any software vulnerability has the potential to be exploited by miscreants to harm its user. Whether this is on-premises, in the cloud, or on your mobile device, vulnerabilities in software make headlines (for good reason).</span></span></span></span></span>&a

A few months ago, I wrote my first blog for Red Hat: Getting a list of fixes for a Red Hat product between two dates is easy with daysofrisk.pl

Last quarter, I introduced the issue where our existing public key cryptography algorithms are vulnerable to a potentially new form of computers called quantum computers. In this article I introduce one of the better understood potential replacements: Hash-based signatures.

Red Hat's products are distributed through numerous methods, including RPMs, ISOs and zip files. Over the past several months, we have been working across the organization to design and implement a plan to provide signatures for all zip file types so that our customers have greater assurance that Red Hat actually creates the products they receive. This work is essential to our customers' trust in Red Hat and our products.

Container and Kubernetes adoption brings the promise of faster application development and delivery at larger scales -- however, it also brings with it new security challenges. Protecting cloud-native applications can require significant changes in how organizations approach IT security. They need to apply controls earlier in the application development lifecycle, use existing infrastructure to apply and enforce these controls, keep up with increasingly rapid release schedules, and more.