Account Log in

When it comes to identifying potential security vulnerabilities in software, the technology industry has relied upon the Common Vulnerabilities and Exposure (CVE) system for more than two decades. Red Hat is a long-time contributor to this program, first helping the CVE system to work with the open source community and, more recently, serving as a CVE Naming Authority (CNA). Today, we’re pleased to further extend our leadership in identifying and addressing potential vulnerabilities in the open source world as a Root within the CVE Program.

As a CNA, Red Hat remains responsible for assigning CVE identifiers to vulnerabilities that affect open source software, particularly those that impact Red Hat’s products and associated upstream projects. Additionally, Red Hat continues to have a well-established user base and regularly publishes security information that is consulted by researchers and vendors.

By becoming a Root, Red Hat will lean on its expertise and experience in identifying and analyzing CVEs to help guide and manage CNAs. Within the CVE program, Roots recruit, train and provide governance for their CNAs, effectively "building a bench" of organizations that can further assess and identify potential CVEs. Red Hat will serve as a mentoring organization for other entities, providing further expansion of the CVE program as the need to address potential software vulnerabilities continues to grow.

It’s imperative that potential vulnerabilities be identified, defined, publicly disclosed and mitigated in open source technologies, especially as adoption of this software becomes foundational to a wide range of critical systems globally. We’re very pleased to help share our comprehensive knowledge and expertise around this necessity to the broader open source community as a Root, providing an opportunity for more organizations and communities to expand their knowledge and create a stronger, more transparent software supply chain.


About the author

Pete Allor is the Director for Red Hat Product Security covering the full Red Hat portfolio. He is active in various industry security forums for incident response reporting and secure development, such as NIST and CISA industry calls for input as well as FIRST (first.org), CVE and ISO / ITU / OASIS standards on security.

Read full bio
Red Hat logo LinkedInYouTubeFacebookTwitter

Products

Tools

Try, buy, sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now

Select a language

© 2022 Red Hat, Inc. Red Hat Summit