Security Response Team
The Red Hat Security Response Team is responsible for ensuring that security issues found in Red Hat products and services are addressed.
Our mission is to:
- Be a contact point for our customers who have found security issues in our products or services, and publish our procedures for dealing with this contact.
- Track alerts and security issues within the community which may affect users of Red Hat products and services.
- Investigate and address security issues in our supported products and services.
- Ensure timely security fixes for our products.
- Ensure that customers can easily find, obtain, and understand security advisories and updates.
- Help customers keep their systems current and up to date, to minimize the risk of security issues.
- Work with other vendors of Linux and open source software (including our competitors) to reduce the risk of security issues through information sharing and peer review.
Contact
Please read how to report a security issue in a Red Hat product or service.
Standards of Service
The Red Hat Security Response Team will ensure that:
- All email communications sent to the Security Response Team will be read and acknowledged with a non-automated response within 3 working days.
- All email communication that does not relate to a security issue found in our products and services will be replied to with a message pointing to this policy, with details of more appropriate places to send the communication.
- If the issue you tell us about is complicated and requires greater attention from our technical staff, we will contact you to explain this and tell you when we expect to have a response. If prolonged investigations are necessary, we will keep you informed of our progress at least every five working days, or alternatively provide you with a mechanism to check the status of our progress at any time.
- We will work with you to identify other organizations such as other open source vendors that you may wish to contact about the issue.
Treating your communication in confidence
We want you to be able to share information about security issues with us in confidence. If the information you share with us is not already public knowledge, we will:
- Keep the information you share with the Security Response Team confidential within Red Hat unless you have agreed otherwise.
- Not share the information you send to us with any third parties (including CERT, Mitre, our partners or customers) without your agreement.
- Give you a mechanism to communicate with us over a secure channel.
- Expect you to treat communications from us in the same way, and to inform us if you communicate details of the issue to any other party.
How we address security flaws
The Red Hat Security Response Team follows an internal process for dealing with security issues reported to us. We will investigate and verify the issue, analyze which products are affected, determine the impact, and work out the remedial action that needs to be taken.
In cases where a security update needs to be produced we will work to ensure that the fix causes minimal side effects. We will also work with you to determine an appropriate public notification date.
Dealing with Complaints
We have written these policies so that you can hold us accountable for our performance against them. If you are happy or unhappy with our standards of service, we would like to hear from you. In the first instance, please contact the Security Response Team. If your comments or complaint are not dealt with in a satisfactory fashion, please contact the customer service manager at customerservice@redhat.com.