Why do people pay Red Hat for a subscription to use our software? Simply put, a Red Hat subscription is more than just support. It includes access to our award-winning Customer Portal, expansive knowledgebase, certification ecosystem, Red Hat Product Security, committed product lifecycles, industry-leading technical and automated support services, and the ability to collaborate with peers and Red Hat experts. The Red Hat subscription provides customers with the guidance and stability needed for mission-critical environments. In addition, it provides security.
All software - no matter the license, provenance, or supply-chain involved - is at risk of having bugs, mistakes in the code which could introduce errors in the way it performs. If an error poses a security risk where an attacker could deliberately cause a program to fail, those are classified as vulnerabilities. While only a small portion of errors are vulnerabilities, the consequences of those errors can be dire.
Red Hat's Product Security team supports more than 100 different products and versions, ranging from our flagship product Red Hat Enterprise Linux and Red Hat JBoss Middleware to our emerging products including Red Hat Enterprise Linux OpenStack Platform, OpenShift, and Red Hat Enterprise Linux Atomic Host. Our products are made up of many different open source components. Red Hat Enterprise Linux 7, for example, is comprised of several thousand different packages and each one can be a separate open source project. Red Hat’s Product Security team is responsible for knowing every component of every Red Hat product. They are responsible for helping find and track issues that could pose a threat to the integrity of the code. With code coming from a variety of open source projects and contributors, this task is no easy feat. I am proud to report that in 2014, across supported versions of Red Hat Enterprise Linux, 97% of critical vulnerabilities had a customer fix the same or next day after they were public.
In addition, we continue to actively monitor the time it takes for vulnerabilities to pass through our workflow of identifying, fixing, and delivering a solution to our customers. While we are constantly striving to identify and remediate critical vulnerabilities, our security value proposition to our customers is more than just quick response time.
For any given Red Hat product, we have a single mechanism for getting updates on security issues across our components and technologies. In addition, products are supported with long lifecycles (for example, Red Hat Enterprise Linux 5, 6 and 7 are supported for 10 years), and generally maintain security updates for open source components even beyond their upstream end of life.
2014 will be remembered for a number of high profile vulnerabilities including Heartbleed, ShellShock, and Poodle. While we provided fast updates to correct these vulnerabilities that affected Red Hat products, getting solutions to customers was only part of the service we provided. When serious issues were found in the UNIX-like shell, Bash, called ShellShock in September 2014, Red Hat customers received timely advice, industry-leading security expertise, access to technical information and support, proactive notifications, Customer Portal alerts and articles, and a Red Hat Access Labs self-detection tool.
We want customers to hear about major security issues that could affect them from us first. We want our customers to have confidence in the knowledge that we are on top of any security situation that may arise and that we are committed to providing specific, timely, calm, and technically accurate advice on how the issues affect our products and services.
While security is only one piece of the Red Hat subscription, it remains an important one.
Learn more:
저자 소개
Marco Bill-Peter is the senior vice president of Customer Experience and Engagement (CEE) at Red Hat. CEE is responsible for increasing the value customers and partners receive from their relationship with Red Hat. In addition to technical support delivery and strategic customer engagement, Bill-Peter's organization is responsible for the award-winning Red Hat Customer Portal, quality engineering, DevOps, product certifications, product security, product documentation, and translation services.
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.