This article is the first in a two-part series. Here we take a step back and look at the evolving IT security risk landscape and…read full post

With the uptick in software supply chain attacks over the last couple of years, we have harnessed a particular focus on software supply chain security…read full post

Red Hat Product Security has been developing RapiDAST, a tool that can be used for security testing of products and services. DAST stands for dynamic application…read full post

In this article, I’ll go over some typical problems users may face with Fedora SHA-1 status (including some possible workarounds), and how you can update…read full post

The threat modeling process is an approach engineering teams can adopt to help identify security weaknesses in the design phase of their projects…read full post

Five steps for handling a data exposure…read full post

The PwnKit vulnerability has been exploited in the real world - how did Red Hat respond to this important vulnerability…read full post

As Red Hat is modernizing our approach to Compliance as Code, we are making some changes to better provide our customers with the most accurate…read full post

What is Red Hat doing to demonstrate that our offerings are developed in a secure manner and provide trustworthy solutions…read full post

Clair is an open source project that provides a tool to monitor the security of your containers through the static analysis of vulnerabilities in container…read full post