Iscriviti al feed

When it comes to identifying potential security vulnerabilities in software, the technology industry has relied upon the Common Vulnerabilities and Exposure (CVE) system for more than two decades. Red Hat is a long-time contributor to this program, first helping the CVE system to work with the open source community and, more recently, serving as a CVE Naming Authority (CNA). Today, we’re pleased to further extend our leadership in identifying and addressing potential vulnerabilities in the open source world as a Root within the CVE Program.

As a CNA, Red Hat remains responsible for assigning CVE identifiers to vulnerabilities that affect open source software, particularly those that impact Red Hat’s products and associated upstream projects. Additionally, Red Hat continues to have a well-established user base and regularly publishes security information that is consulted by researchers and vendors.

By becoming a Root, Red Hat will lean on its expertise and experience in identifying and analyzing CVEs to help guide and manage CNAs. Within the CVE program, Roots recruit, train and provide governance for their CNAs, effectively “building a bench” of organizations that can further assess and identify potential CVEs. Red Hat will serve as a mentoring organization for other entities, providing further expansion of the CVE program as the need to address potential software vulnerabilities continues to grow.

It’s imperative that potential vulnerabilities be identified, defined, publicly disclosed and mitigated in open source technologies, especially as adoption of this software becomes foundational to a wide range of critical systems globally. We’re very pleased to help share our comprehensive knowledge and expertise around this necessity to the broader open source community as a Root, providing an opportunity for more organizations and communities to expand their knowledge and create a stronger, more transparent software supply chain.


Sull'autore

Pete Allor is the Director for Red Hat Product Security covering the full Red Hat portfolio. He is active in various industry security forums for incident response reporting and secure development, such as NIST and CISA industry calls for input as well as FIRST (first.org), CVE and ISO / ITU / OASIS standards on security.

He is a former Board of Directors Member of FIRST, the Information Technology ISAC and a member of the Executive Board for the IT Sector Coordinating Council. Allor previously worked for Internet Security Systems, IBM and Honeywell. He is a retired US Army Officer.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

Ricerca per canale

automation icon

Automazione

Novità sull'automazione IT di tecnologie, team e ambienti

AI icon

Intelligenza artificiale

Aggiornamenti sulle piattaforme che consentono alle aziende di eseguire carichi di lavoro IA ovunque

open hybrid cloud icon

Hybrid cloud open source

Scopri come affrontare il futuro in modo più agile grazie al cloud ibrido

security icon

Sicurezza

Le ultime novità sulle nostre soluzioni per ridurre i rischi nelle tecnologie e negli ambienti

edge icon

Edge computing

Aggiornamenti sulle piattaforme che semplificano l'operatività edge

Infrastructure icon

Infrastruttura

Le ultime novità sulla piattaforma Linux aziendale leader a livello mondiale

application development icon

Applicazioni

Approfondimenti sulle nostre soluzioni alle sfide applicative più difficili

Original series icon

Serie originali

Raccontiamo le interessanti storie di leader e creatori di tecnologie pensate per le aziende