Security Response Team

The Red Hat Security Response Team is responsible for ensuring that security issues found in Red Hat products and services are addressed.

Our mission is to:

  • Be the point of contact for customers, users, and researchers who have found security issues in our products and services, and publish the procedures for dealing with this contact.
  • Track alerts and security issues in the community which may affect users of Red Hat products and services.
  • Investigate and address security issues in our supported products and services.
  • Ensure timely security fixes for our supported products and services.
  • Ensure that customers can easily find, obtain, and understand security advisories and updates.
  • Help customers keep their systems current and up to date, to minimize the risk of security issues.
  • Work with other vendors of Linux and open source software (including our competitors) to reduce the risk of security issues through information sharing and peer review.

Contact

Refer to the Security Contacts and Procedures page for information on how to report a security issue in a Red Hat product or service.

Standards of service

The Red Hat Security Response Team ensures:

  • All email communication sent to the Security Response Team is read and acknowledged with a non-automated response within three working days.
  • All email communication that does not relate to a security issue found in our products or services is replied to with details on more appropriate places to send the communication.
  • If the issue you tell us about is complicated and requires greater attention from our technical staff, we contact you to explain this and when to expect a more detailed response. If prolonged investigations are necessary, we keep you informed of our progress at least every five working days, or alternatively, provide you with a mechanism to check the status of our progress at any time.
  • We work with you to identify other organizations, such as other open source software vendors, that you may wish to also contact about the issue.

Treating your communication in confidence

We want you to be able to share information about security issues with us in confidence. If the information you share with us is not already public knowledge, we:

  • Keep the information you share with the Security Response Team confidential within Red Hat, unless you have agreed otherwise.
  • Do not share the information you send to us with any third parties (including CERT, MITRE, or our partners and customers) without your agreement.
  • Give you a mechanism to communicate with us over a secure channel.
  • Expect you to treat communication from us in the same way, and to inform us if you communicate details of the issue to any other party.

How we address security flaws

The Red Hat Security Response Team follows an internal process for dealing with security issues known to us. We investigate and verify the issue, analyze which products are affected, determine the impact, and work out the remedial action that needs to be taken.

In cases where a security update needs to be produced, we work to ensure the fix causes minimal side effects. We also work with you to determine an appropriate public notification date.

Dealing with complaints

The policies on this page allow you to hold us accountable for our performance against them. We would like to hear from you if you are happy or unhappy with our standards of service and performance: contact the Security Response Team first, and if your comment or complaint is not dealt with in a satisfactory manner, please contact the customer service manager at customerservice@redhat.com.

Notifications and advisories

Refer to the Notifications and Advisories page for information on how to be notified about new security advisories, policies on advance notification, and where to find official statements for vulnerabilities under investigation or those that do not affect Red Hat.