Red Hat Makes Strides in Platform Security

San Francisco

United States, February 14, 2006

Advancements in cryptography, smartcard integration and high-level security certifications make Red Hat Enterprise Linux one of the most secure platforms available

Red Hat, Inc. (NASDAQ:RHAT), the world's leading provider of open source solutions to the enterprise, today announced achievements and plans that the company is making to further fortify the Red Hat Enterprise Linux platform. Red Hat launched the 'Security in a Networked World' initiative for Linux and open source security in August 2005. Since then Red Hat has been working to increase platform-level security, provide increased security for all applications on the Red Hat platform, and achieve the highest levels of security certifications in the industry.

“End-user security, applications and data remain the core focus of the Red Hat Security in Networked World initiative. With the continued expansion of Red Hat Enterprise Linux powering both server and desktop solutions for customers, protecting all aspects of system resources remains a top priority,” said Paul Cormier, executive vice president of engineering at Red Hat.

Smartcard Integration

Red Hat Certificate System, which authenticates the identities of millions of users every day in both government and non-government verticals continues to show market leadership. With the addition of new features for deployments in heterogeneous environments the technology continues to mature and advance.

Since first announced in August 2005, Red Hat Certificate System now includes integrated smartcard support for Red Hat Enterprise Linux platforms, and open application platforms such as Firefox web browser and Thunderbird messaging system. The latest release of the Red Hat Certificate System will be available mid 2006, and customers will be able to issue and use smartcards that will support automated logins in a number of popular applications and operating systems, including; Red Hat Enterprise Linux, Microsoft Windows desktops and servers, Internet Explorer and Outlook Express. This expansion will ensure a consistent, unified, and simplified approach to strong authentication within the enterprise.

Security Certifications

Red Hat's commitment to the rigorous security and authentication requirements of its U.S. government customers is evident with the company's continued commitment to attaining the highest certifications and honors.

This week Red Hat and IBM announced that in partnership with IBM, Red Hat Enterprise Linux v.4 was accredited by the National Information Assurance Partnership (NIAP) for Controlled Access Protection Profile compliance under the Common Criteria for Information Security Evaluation commonly referred to as CAPP/EAL4+. The Common Criteria Scheme enables consumers to obtain an impartial assessment of an IT product by an independent lab. This impartial assessment, or security evaluation, includes an analysis of the IT product and the testing of the product for conformance to a set of security requirements.

Red Hat is also currently in process with HP for EAL 4 certification. This level of security represents the highest level of certification for a operating platform and with the inclusion of advanced technologies such as SELinux, builds on the strong foundation provided to the most demanding security requirements in the market today.

Certification of Red Hat Cryptography Libraries and Security Platform

Through Red Hat's direct involvement with the creation, maintenance, and continued expansion of the open source Network Security Solutions (NSS) cryptography libraries which are used as a cornerstone of the security framework for many security platforms, Red Hat is receiving certification under the FIPS 140-2 evaluation criteria. Red Hat has received certification with NSS for key algorithms: AES, Triple DES, SHS, and HMAC and are under evaluation with RHN, DSA, and RSA. This certification ensures that the cryptography empowering Red Hat Certificate System now meets the requirements set forth for strong cryptography controls in the U.S. Government.

Security in a Networked World: What's Next

Red Hat is committed to providing information about entire networks, from systems to applications and data, in a form that can easily be reported, managed and controlled to ensure the security of the entire environment. The company continues to invest resources to build out the Open Source Architecture and partner ecosystems to provide choice to enterprise customers building infrastructures based on open source technologies.

For more information on Red Hat Security solutions, please visit Red Hat Booth #2044 at the RSA Conference, San Francisco, visit or call 866-2-REDHAT.

About Red Hat, Inc.

Red Hat, the world's leading open source and Linux provider, is headquartered in Raleigh, NC with satellite offices spanning the globe. The most trusted name in open source, CIOs and other senior-level IT executives have ranked Red Hat as the industry's most valued vendor for two consecutive years in the CIO Insight Magazine Vendor Value study. Red Hat is leading Linux and open source solutions into the mainstream by making high quality, low cost technology accessible. Red Hat provides operating system software along with middleware, applications and management solutions. Red Hat also offers support, training and consulting services to its customers worldwide and through top-tier partnerships. Red Hat's open source strategy offers customers a long term plan for building infrastructures that are based on and leverage open source technologies with focus on security and ease of management. Learn more:

Forward-Looking Statements

Any statements in this press release about future expectations, plans and prospects for the Company, including statements containing the words "believes," "anticipates," "plans," "expects," "will," and similar expressions, constitute forward-looking statements within the meaning of The Private Securities Litigation Reform Act of 1995. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: the factors discussed in our most recent Quarterly Report on Form 10-Q filed with the SEC (a copy of which may be accessed through the SEC's website at, reliance upon strategic relationships, management of growth, the possibility of undetected software errors, the risks of economic downturns generally, and in Red Hat's industry specifically, the risks associated with competition and competitive pricing pressures and the viability of the Internet. In addition, the forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of the press release.

LINUX is a trademark of Linus Torvalds. RED HAT is a registered trademark of Red Hat, Inc. All other names and trademarks are the property of their respective owners.