United States (change)

Shortcuts: Downloads | Fedora | Red Hat Network

Account Links: Cart | Register | Log In

Main Site Links:

• Services & Products
  • Red Hat Enterprise Linux
    • Server
    • Desktop
  • Red Hat Enterprise Virtualization
    • Server
    • Desktop
  • JBoss Enterprise Middleware
  • Red Hat Services
    • Consulting
    • Training
    • Amentra
  • Messaging, Realtime, Grid (MRG)
  • Systems Management
  • Identity Management
  • All Services & Products
• Solutions
  • Virtualization
  • Migration Center
  • Medium & Large Enterprise Business
  • Enterprise Solutions
  • Industries
    • Education
    • Financial
    • Government
    • Healthcare
    • Oil & Gas
    • Telecommunications
  • Business Needs
    • Business Intelligence
    • Collaboration & Content Management
    • Enterprise Applications
    • Security & Identity Management
  • Customer Success
  • All Solutions
• Partners
  • Partner Programs
    • OEMs
    • Resellers
    • Alliance
    • Training Resellers
    • System Integrators
    • Software (ISV)
    • Runtime
    • Hardware (IHVs)
    • Hosting
  • Partner Help Desk
  • Subscription Center
  • Partners Home
• Community
  • Community Home
• Training
  • Courses
  • Certification
  • Specialized Solutions
  • All Training
• Support
  • Knowledgebase
  • Documentation
  • Downloads
  • Offerings
  • Support Policy
  • Support Process
  • Customer Center
  • All Support
• Company
  • Company Profile
    • Investor Relations
    • Worldwide Offices
    • Contact
  • Customer Success
  • News & Events
    • Press Release Archive
    • News Blog
    • Events Schedule
  • Work at Red Hat
    • Look Inside Red Hat
    • Careers
    • Search Jobs
  • What is Red Hat?
    • Why Red Hat?
    • Why Open Source?
    • Why Collaboration?
    • Why Subscriptions?
    • Red Hat Stories
  • Webinars
  • Videos
  • Company Home
• Buy Online
  • Products
    • Server Operating Systems
    • Desktop Operating Systems
    • Systems Management
    • Infrastructure Products
    • Red Hat Online Training
  • Solutions
    • Small Business
    • Identity Management
    • Developers
    • Storage
    • Software as a Service
  • Order History
  • View Saved Carts
  • Renew Subscriptions
  • Store Catalog

Security Contacts and Procedures

Red Hat takes security very seriously and we aim to take immediate action to address serious security-related problems that involve our products or services.

Please report any security vulnerabilities in any Red Hat product or service to the Red Hat Security Response Team, secalert@redhat.com. You can use our GPG key to communicate securely with us.

What you should use secalert@redhat.com for:

• If you have found a security vulnerability in a Red Hat product or service.
• If you are unsure about how a known vulnerability affects a Red Hat product or service.
• Comments and complaints about our standards of service and performance. If your comment or complaint is not dealt with in a satisfactory manner, please contact the customer service manager at customerservice@redhat.com.

What you should not use secalert@redhat.com for:

• Technical assistance (for example, "how do I configure my firewall?").
• Asking for help upgrading packages due to security alerts. Refer to How do I apply package updates from the Red Hat Network? for information on upgrading packages.
• Other non–security-related issues.

In any of these cases, please contact Red Hat Global Support Services instead.

Who reads email sent to secalert@redhat.com?

The Red Hat Security Response Team, a restricted and carefully chosen group of Red Hat employees, monitors the secalert@redhat.com address. No outside users can subscribe to this list.

What to send to secalert@redhat.com

Please give us much information as possible when contacting the list. We encourage you to encrypt any sensitive information you send to us using our GPG public key.

How we respond to notification

Email communication sent to secalert@redhat.com is read and acknowledged with a non-automated response within three working days. We open an investigation for issues that are complicated and require greater attention, and keep you informed of our progress at least every five working days, or alternatively, provide you with a mechanism to check the status of our progress at any time.

Any information you share with us about security issues that are not public knowledge is kept confidential within Red Hat. It is not passed on to any third-party without your permission.

Advance notification

Red Hat does not provide an advance notification service. Security advisories are available from our website and via the Red Hat Network.