Account 로그인

Another security report was released this week that claims to show the "patch development time" for various distributions. Symantec gives some high level results, but none of the detail required to figure out how exactly it got to its results.

Our Red Hat Security Response team is committed to transparency. With every security advisory we release, we provide details on not only the security issue itself, but also on how we first found out about it, when we first found out about it, when it was made public and when we fixed it.

Because the software in Red Hat Enterprise Linux 4 is open source, we’re likely not to be the only company shipping each particular application. So unlike software that comes from a single vendor, we are rarely in control of the dates issues are made public. This is actually a good thing because it leads to much shorter response times between when issues are first reported to when they are made public. It also means our company can’t try to artificially reduce our "days of risk" statistics by using tactics such as holding off disclosure of important issues for a long period until a regularly scheduled patch day.

In any event, our track record in fixing critical issues–those that matter the most to customers–is outstanding. Using our publicly available data, you can see that a default installation of Red Hat Enterprise Linux 4 AS in the first two years since release was only vulnerable to three critical severity issues. Fixes for every one was available from Red Hat Network within two calendar days of public disclosure of the vulnerability.

Visit our Security Measurement page here.

About the author

Red Hat logo LinkedInYouTubeFacebookTwitter


구매 정보


Red Hat 소개

Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.

Red Hat Shares 뉴스레터를 구독하세요

지금 신청하기

언어 선택

© 2022 Red Hat, Inc. Red Hat Summit