Security
Red Hat Product Security
Red Hat believes that everyone, everywhere, is entitled to quality information needed to mitigate security and privacy risks, as well as the access to do so. We strive to protect communities of customers, contributors, and partners from digital security threats. We believe open source principles are the best way to achieve this.
Red Hat's security principles
Our open source security principles are baked into our products, services, and support.
Defense in depth
Failure or compromise of a single layer or component of a system should not compromise the system as a whole.
Separation of duty
No one person, entity, or system identity should have full control or access to all elements of a policy, process, or system.
Security in design
Security is not an add-on, afterthought, or checklist.
Security by default
The default system configuration should have all reasonable security controls enabled and all services and features not needed for basic operation disabled.
Least privilege
Individuals, system identities, roles, entities, or execution contexts, be they human or automation, should be scoped to include only the access to resources required to complete the assigned and expected task or business duties.
Transparency
The open source principle of transparency should also apply to security issues and data, including designs, algorithms, and source code, all of which should be freely available when reasonable.
Understand the threat
Effective defense of a system must consider the nature of the actual threat or risk that is being mitigated or defended against so the appropriate responses are utilized.
Learn about Red Hat's approach to security and compliance
Security in open source software
Upstream community leadership
Review, track, and select packages for release
Static code analysis
Security hardening and quality assurance testing
Secure distribution of digitally signed packages
Continuous security updates
Security in Red Hat offerings
The leading enterprise Linux operating system, certified on hundreds of clouds and with thousands of vendors. Built-in tools help you ensure compliance and increase security.
An enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud and multicloud deployments. Increase container security with built-in capabilities for policies and controls.
A platform for implementing consistent enterprise-wide automation, no matter where you are in your automation journey. Reduce the risks caused by misconfigurations and manual errors with automation, and streamline your security operations while integrating security into the process, with access control, logging and auditing capabilities.