I’m going to come right out and say it: CVSS does NOT equal Risk (CVSS!=Risk). Anyone who thinks otherwise is mistaken and setting themselves up…read full post

In recent years, there have been a number of security issues taking advantage of flaws in applications and even computer processors. These opened new attack…read full post

A new series of vulnerabilities in Intel processors, known as Microarchitectural Data Sampling, or more simply MDS, was recently made public and Red Hat released…read full post

Random numbers are important in computing. TCP/IP sequence numbers, TLS nonces, ASLR offsets, password salts, and DNS source port numbers all rely on random numbers…read full post

Recently, I was asked to speak at one of Red Hat’s regional events, the Security Symposium series, which was an absolutely easy decision to make…read full post

What's the Microprocessor Data Sampling (MDS) vulnerability? How does it work? How do you mitigate it? Read on to find out…read full post

We've gone from the castle-and-moat approach of datacenter security to a more abstract concept of security in the public cloud. Or have we? Do the…read full post

How does the newly-discovered MDS vulnerability work? How does it relate to Spectre and Meltdown? And how do you mitigate it? Red Hat's Jon Masters…read full post

For anyone working in the privacy space, 2018 can be summed up with four letters: GDPR. The General Data Protection Regulation’s implementation date of May…read full post

Each year, Red Hat Product Security reflects back and reviews the vulnerabilities that impacted our products. We’ve shared the results of this analysis in our…read full post