Red Hat Announces OVAL Security Compatibility


United States, June 21, 2006

New OVAL patch definitions provide a new view of security advisories for Red Hat Enterprise Linux users

Red Hat (Nasdaq: RHAT), the world's leading provider of open source solutions to the enterprise, today announced compatibility certification with Open Vulnerability and Assessment Language (OVAL) definitions for Red Hat Enterprise Linux 3 and 4 security advisories. Red Hat will now produce and support OVAL patch definitions to provide a structured and machine-readable version of advisories, allowing OVAL-compatible tools to accurately test for the presence of vulnerabilities.

With OVAL compatibility, Red Hat Enterprise Linux users can benefit from the utilization of third-party, OVAL-compatible patch auditing and compliance tools to audit their systems. By providing an alternative, machine-readable view of Red Hat security errata advisories, users can now integrate data about vulnerabilities from the Red Hat Security Response team into their existing vulnerability management processes. All users will continue to use Red Hat Network to manually or automatically obtain updates in addition to this new security view.

"As a founding member of the OVAL board, we've been working with the MITRE Corporation on OVAL for many years," said Mark J. Cox, Red Hat Security Response Team Lead, Red Hat. "Just as the MITRE CVE project has become common for dealing with vulnerability patches, we expect the same rapid adoption for the OVAL project. This initiative forms part of our commitment to make the deployment of security ubiquitous through the use of industry-wide standards."

"The translation of Red Hat errata into OVAL allows organizations looking to secure Red Hat operating systems to rely on open, standards-based tests that can be digested by assessment tools in order to perform instant and automated evaluations," said Matthew Wojcik, Senior Information Security Engineer and OVAL Moderator, the MITRE Corporation. "By pursuing OVAL compatibility, Red Hat has declared their commitment to open standards and is helping to raise the bar for patch management and vulnerability assessment in the marketplace."

The OVAL project, maintained by the MITRE Corporation, is an international information-security effort that promotes open and publicly available security content, and seeks to standardize the transfer of this information across the entire spectrum of security tools and services.

OVAL definitions for all existing Red Hat Enterprise Linux 3 and 4 security advisories are now available at

About Red Hat, Inc.

Red Hat, the world's leading open source and Linux provider, is headquartered in Raleigh, NC with satellite offices spanning the globe. The most trusted name in open source, CIOs and other senior-level IT executives have ranked Red Hat as the industry's most valued vendor for two consecutive years in the CIO Insight Magazine Vendor Value study. Red Hat is leading Linux and open source solutions into the mainstream by making high-quality, low-cost technology accessible. Red Hat provides operating system software along with applications, management, and middleware solutions, including JBoss Enterprise Middleware Suite (JEMS). Red Hat is accelerating the shift to service-oriented architectures (SOA) and enabling the next generation of web-enabled applications running on a low-cost, secure open source platform. Red Hat also offers support, training and consulting services to its customers worldwide and through top-tier partnerships. Red Hat's open source strategy offers customers a long term plan for building infrastructures that are based on and leverage open source technologies with focus on security and ease of management. Learn more:

Forward Looking Statements

Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the integration of acquisitions; the ability of the Company to effectively compete; the inability to adequately protect Company intellectual property and potential for infringement or breach of license claims regarding third party intellectual property; risks related to data and information security vulnerabilities; ineffective management of, and control over, the Company's growth and international operations; adverse results in litigation; the dependence on key personnel as well as other factors contained in in our most recent Annual Report on Form 10-K (copies of which may be accessed through the Securities and Exchange Commission's website at, including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition, the forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of the press release.

LINUX is a trademark of Linus Torvalds. RED HAT and JBOSS are registered trademarks of Red Hat, Inc. and its subsidiaries in the US and other countries.