Red Hat product security

Red Hat believes that everyone, everywhere, is entitled to quality information needed to mitigate security and privacy risks, as well as the access to do so. We strive to protect communities of customers, contributors, and partners from digital security threats. We believe open source principles are the best way to achieve this.

Illustration of secure applications and technology within the cloud

Red Hat's security principles

Our open source security principles are baked into our products, services, and support

Defense in depth

Failure or compromise of a single layer or component of a system should not compromise the system as a whole.

Separation of duty

No one person, entity, or system identity should have full control or access to all elements of a policy, process, or system.

Security in design

Security is not an add-on, afterthought, or checklist.

Security by default

The default system configuration should have all reasonable security controls enabled and all services and features not needed for basic operation disabled.

Least privilege

Individuals, system identities, roles, entities, or execution contexts, be they human or automation, should be scoped to include only the access to resources required to complete the assigned and expected task or business duties.


The open source principle of transparency should also apply to security issues and data, including designs, algorithms, and source code, all of which should be freely available when reasonable.

Understand the threat

Effective defense of a system must consider the nature of the actual threat or risk that is being mitigated or defended against so the appropriate responses are utilized.

Learn about Red Hat's approach to security and compliance

Red Hat’s approach to security and compliance: the job is never done. Video duration: 2:21

Security in open source software

Upstream community leadership

Review, track, and select packages for release

Static code analysis

Security hardening and quality assurance testing

Secure distribution of digitally signed packages

Continuous security updates

Security in Red Hat offerings

The leading enterprise Linux operating system, certified on hundreds of clouds and with thousands of vendors. Built-in tools help you ensure compliance and increase security.

An enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud and multicloud deployments. Increase container security with built-in capabilities for policies and controls.

A platform for implementing consistent enterprise-wide automation, no matter where you are in your automation journey. Reduce the risks caused by misconfigurations and manual errors with automation, and streamline your security operations while integrating security into the process, with access control, logging and auditing capabilities.

Learn more about Red Hat's approach to security