When it comes to identifying potential security vulnerabilities in software, the technology industry has relied upon the Common Vulnerabilities and Exposure (CVE) system for more than two decades. Red Hat is a long-time contributor to this program, first helping the CVE system to work with the open source community and, more recently, serving as a CVE Naming Authority (CNA). Today, we’re pleased to further extend our leadership in identifying and addressing potential vulnerabilities in the open source world as a Root within the CVE Program.
As a CNA, Red Hat remains responsible for assigning CVE identifiers to vulnerabilities that affect open source software, particularly those that impact Red Hat’s products and associated upstream projects. Additionally, Red Hat continues to have a well-established user base and regularly publishes security information that is consulted by researchers and vendors.
By becoming a Root, Red Hat will lean on its expertise and experience in identifying and analyzing CVEs to help guide and manage CNAs. Within the CVE program, Roots recruit, train and provide governance for their CNAs, effectively “building a bench” of organizations that can further assess and identify potential CVEs. Red Hat will serve as a mentoring organization for other entities, providing further expansion of the CVE program as the need to address potential software vulnerabilities continues to grow.
It’s imperative that potential vulnerabilities be identified, defined, publicly disclosed and mitigated in open source technologies, especially as adoption of this software becomes foundational to a wide range of critical systems globally. We’re very pleased to help share our comprehensive knowledge and expertise around this necessity to the broader open source community as a Root, providing an opportunity for more organizations and communities to expand their knowledge and create a stronger, more transparent software supply chain.
About the author
Pete Allor is the Director for Red Hat Product Security covering the full Red Hat portfolio. He is active in various industry security forums for incident response reporting and secure development, such as NIST and CISA industry calls for input as well as FIRST (first.org), CVE and ISO / ITU / OASIS standards on security.
He is a former Board of Directors Member of FIRST, the Information Technology ISAC and a member of the Executive Board for the IT Sector Coordinating Council. Allor previously worked for Internet Security Systems, IBM and Honeywell. He is a retired US Army Officer.
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit