Abonnez-vous au flux

A year in review: 2018 Product Security Risk Report

28 février 2019Christopher Robinson1 minutes (temps de lecture)
Security 

Each year, Red Hat Product Security reflects back and reviews the vulnerabilities that impacted our products. We’ve shared the results of this analysis in our annual Red Hat Product Security Risk report.  

Looking back, 2018 was a busy year in the field of incident response and vulnerability management. Many high-profile issues were discovered that had broad-reaching impacts to operations in all sectors, from traditional data-centers all the way out to the edges of the cloud. Customers potentially affected by  issues with kernels, Kubernetes and others looked to Red Hat to help understand the potential to impact their operations.

Our annual risk report provides context for these security-related flaws, informs you how/if our products were affected by major vulnerabilities over the past year, and elaborates on our methodology for identifying potential impact on our customers. Our philosophy of providing clear advice and analysis along with our security errata has continued as we have faced an increased number of new exploits and vulnerabilities across the open source spectrum.  It is about managing risks versus letting risks manage you.

This year we reviewed:

  • Security response metrics.
  • Specific vulnerabilities.
  • The most common ways Red Hat users were affected by security vulnerabilities.

Among our findings from 2018:

  • Across the Red Hat portfolio, we issued 111 Critical advisories addressing 57 Critical vulnerabilities. (An overall increase over the last several years of reporting.)
  • 80% of Critical issues were addressed within one week.
  • 2894 issues were reported to Product Security; of those only 430 (14.8%) were embargoed for some period of time.
  • A catchy name or a flashy headline for a vulnerability doesn't tell much about its risk. Red Hat Product Security helps customers determine the actual vulnerability impact. Like previous years, the majority of issues that mattered were not branded.

Learn more about the flaws that made an impact in 2018 by reading the full report.

À propos de l'auteur

Christopher

Christopher Robinson

Former Red Hat Product Security Program Architect

Christopher Robinson, better known as CRob to his colleagues, is a former Product Security Program Architect at Red Hat.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

Contenu similaire

Blog post

When LLMs day dream: Hallucinations and how to prevent them

Blog post

How Red Hat is integrating post-quantum cryptography into our products

Programmes originaux

Technically Speaking | The role of the OS in the Age of AI

Programmes originaux

A new software supply chain security recipe | Technically Speaking

Parcourir par canal

Explorer tous les canaux
automation icon

Automatisation

Les dernières nouveautés en matière d'automatisation informatique pour les technologies, les équipes et les environnements
AI icon

Intelligence artificielle

Actualité sur les plateformes qui permettent aux clients d'exécuter des charges de travail d'IA sur tout type d'environnement
open hybrid cloud icon

Cloud hybride ouvert

Découvrez comment créer un avenir flexible grâce au cloud hybride

security icon

Sécurité

Les dernières actualités sur la façon dont nous réduisons les risques dans tous les environnements et technologies
edge icon

Edge computing

Actualité sur les plateformes qui simplifient les opérations en périphérie
Infrastructure icon

Infrastructure

Les dernières nouveautés sur la plateforme Linux d'entreprise leader au monde
application development icon

Applications

À l’intérieur de nos solutions aux défis d’application les plus difficiles
Original series icon

Programmes originaux

Histoires passionnantes de créateurs et de leaders de technologies d'entreprise