Security

Red Hat product security

Red Hat believes that everyone, everywhere, is entitled to quality information needed to mitigate security and privacy risks, as well as the access to do so. We strive to protect communities of customers, contributors, and partners from digital security threats. We believe open source principles are the best way to achieve this.


Red Hat's security principles

Our open source security principles are baked into our products, services, and support.

Defense in depth

Failure or compromise of a single layer or component of a system should not compromise the system as a whole.

Separation of duty

No one person, entity, or system identity should have full control or access to all elements of a policy, process, or system.

Security in design

Security is not an add-on, afterthought, or checklist.

Security by default

The default system configuration should have all reasonable security controls enabled and all services and features not needed for basic operation disabled.

Least privilege

Individuals, system identities, roles, entities, or execution contexts, be they human or automation, should be scoped to include only the access to resources required to complete the assigned and expected task or business duties.

Transparency

The open source principle of transparency should also apply to security issues and data, including designs, algorithms, and source code, all of which should be freely available when reasonable.

Understand the threat

Effective defense of a system must consider the nature of the actual threat or risk that is being mitigated or defended against so the appropriate responses are utilized.

Learn about Red Hat's approach to security and compliance

Red Hat's approach to security and compliance: the job is never done.

Security in open source software

Upstream community leadership

Review, track, and select packages for release

Static code analysis

Security hardening and quality assurance testing

Secure distribution of digitally signed packages

Continuous security updates

Security in Red Hat offerings

The leading enterprise Linux operating system, certified on hundreds of clouds and with thousands of vendors. Built-in tools help you ensure compliance and increase security.

An enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud and multicloud deployments. Increase container security with built-in capabilities for policies and controls.

A platform for implementing consistent enterprise-wide automation, no matter where you are in your automation journey. Reduce the risks caused by misconfigurations and manual errors with automation, and streamline your security operations while integrating security into the process, with access control, logging and auditing capabilities.
