Red Hat Champions a New Public Forum For Software Companies to Issue Official Statements on Vulnerabilities


United States, September 7, 2006

Creating a new, transparent way for the software industry to contribute real-time, official statements on vulnerabilities using the National Vulnerability Database

Red Hat (NASDAQ: RHAT), the world's leading provider of open source solutions to the enterprise, today announced its continuing commitment to superior security services with a new initiative, implemented by the National Institute of Standards and Technology (NIST), that enables members of the software industry to officially and publicly comment on vulnerabilities. This service is being implemented within the National Vulnerability Database (NVD) at NIST, based on Red Hat's recommendation.

Red Hat approached NIST with the idea of using the NVD to create an official vendor statement service based on the Common Vulnerabilities and Exposures (CVE) naming standard, giving the software industry an open, transparent forum to contribute information about vulnerabilities. Both open source and proprietary software vendors now have the opportunity to comment on vulnerabilities in their products, and can use the service in a variety of ways, including configuration and remediation guidance, clarifications of vulnerability applicability, deeper vulnerability analysis, disputes of third-party vulnerability information, and explanations of vulnerability impact.

Red Hat will be the first contributor to the service by providing real-time updates to the NVD about how vulnerabilities may or, just as importantly, may not affect Red Hat products. This information resource is critical to the timely dissemination of security information for Red Hat customers and will allow customers to take action quickly if needed. It is also the benefit that customers can expect on a much larger scale when the service is utilized by the software industry as a whole.

"With advancements such as SELinux and Execshield, Red Hat and the open source community continue to build superior security capabilities into the platform that natively protect against malicious use of vulnerabilities, but we are constantly looking for ways to improve and strengthen our security measures. Increasing and enhancing the communication paths and mechanisms for customers to obtain information about vulnerabilities is another way we can help our customers," said Mark J. Cox, Red Hat Security Response Director, Red Hat. "Through our work with NIST's National Vulnerability Database, we can now provide official statements about vulnerabilities and their potential impact via a widely recognized mechanism, as well as enable the entire software industry to contribute."

"We appreciate Red Hat approaching us with this idea of creating the official vendor statement initiative within the National Vulnerability Database," said Peter Mell, NVD Program Manager, NIST. "Software vendors have the deepest knowledge about their products and are uniquely positioned to comment on their vulnerabilities. Thanks to Red Hat's creativity, we are able to provide this service to the software development community as a whole."

As a widely recognized, comprehensive cyber security resource containing all publicly available U.S. government vulnerability information, the NVD can be used by users of both open source and proprietary software. By centralizing and communicating information for vulnerabilities, customers and users will benefit from increased information coming from both the U.S. government and vendors themselves.

To learn more about vendor statements within the NVD, please visit Vendor statements are directly visible from the relevant vulnerability pages. A complete XML feed is updated every two hours at To learn more about Red Hat's security initiatives, solutions, and resources, please visit

About Red Hat, Inc.

Red Hat, the world's leading open source and Linux provider, is headquartered in Raleigh, NC with satellite offices spanning the globe. The most trusted name in open source, CIOs and other senior-level IT executives have ranked Red Hat as the industry's most valued vendor for two consecutive years in the CIO Insight Magazine Vendor Value study. Red Hat is leading Linux and open source solutions into the mainstream by making high quality, low cost technology accessible. Red Hat provides operating system software along with applications, management, and middleware solutions, including JBoss Enterprise Middleware Suite (JEMS). Red Hat is accelerating the shift to service-oriented architectures (SOA) and enabling the next generation of web-enabled applications running on a low-cost, secure open source platform. Red Hat also offers support, training and consulting services to its customers worldwide and through top-tier partnerships. Red Hat's open source strategy offers customers a long term plan for building infrastructures that are based on and leverage open source technologies with focus on security and ease of management. Learn more:

Forward-Looking Statements

Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the integration of acquisitions; the ability of the Company to effectively compete; the inability to adequately protect Company intellectual property and potential for infringement or breach of license claims regarding third party intellectual property; risks related to data and information security vulnerabilities; ineffective management of, and control over, the Company's growth and international operations; adverse results in litigation; the dependence on key personnel as well as other factors contained in our most recent Annual Report on Form 10-K (copies of which may be accessed through the Securities and Exchange Commission's website at, including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition, the forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of the press release.

LINUX is a trademark of Linus Torvalds. RED HAT and JBOSS are registered trademarks of Red Hat, Inc. in the US and other countries. All other names and trademarks are the property of their respective owners.