When it comes to identifying potential security vulnerabilities in software, the technology industry has relied upon the Common Vulnerabilities and Exposure (CVE) system for more than two decades. Red Hat is a long-time contributor to this program, first helping the CVE system to work with the open source community and, more recently, serving as a CVE Naming Authority (CNA). Today, we’re pleased to further extend our leadership in identifying and addressing potential vulnerabilities in the open source world as a Root within the CVE Program.
As a CNA, Red Hat remains responsible for assigning CVE identifiers to vulnerabilities that affect open source software, particularly those that impact Red Hat’s products and associated upstream projects. Additionally, Red Hat continues to have a well-established user base and regularly publishes security information that is consulted by researchers and vendors.
By becoming a Root, Red Hat will lean on its expertise and experience in identifying and analyzing CVEs to help guide and manage CNAs. Within the CVE program, Roots recruit, train and provide governance for their CNAs, effectively “building a bench” of organizations that can further assess and identify potential CVEs. Red Hat will serve as a mentoring organization for other entities, providing further expansion of the CVE program as the need to address potential software vulnerabilities continues to grow.
It’s imperative that potential vulnerabilities be identified, defined, publicly disclosed and mitigated in open source technologies, especially as adoption of this software becomes foundational to a wide range of critical systems globally. We’re very pleased to help share our comprehensive knowledge and expertise around this necessity to the broader open source community as a Root, providing an opportunity for more organizations and communities to expand their knowledge and create a stronger, more transparent software supply chain.
執筆者紹介
Pete Allor is the Director for Red Hat Product Security covering the full Red Hat portfolio. He is active in various industry security forums for incident response reporting and secure development, such as NIST and CISA industry calls for input as well as FIRST (first.org), CVE and ISO / ITU / OASIS standards on security.
He is a former Board of Directors Member of FIRST, the Information Technology ISAC and a member of the Executive Board for the IT Sector Coordinating Council. Allor previously worked for Internet Security Systems, IBM and Honeywell. He is a retired US Army Officer.
チャンネル別に見る
自動化
テクノロジー、チームおよび環境に関する IT 自動化の最新情報
AI (人工知能)
お客様が AI ワークロードをどこでも自由に実行することを可能にするプラットフォームについてのアップデート
オープン・ハイブリッドクラウド
ハイブリッドクラウドで柔軟に未来を築く方法をご確認ください。
セキュリティ
環境やテクノロジー全体に及ぶリスクを軽減する方法に関する最新情報
エッジコンピューティング
エッジでの運用を単純化するプラットフォームのアップデート
インフラストラクチャ
世界有数のエンタープライズ向け Linux プラットフォームの最新情報
アプリケーション
アプリケーションの最も困難な課題に対する Red Hat ソリューションの詳細
仮想化
オンプレミスまたは複数クラウドでのワークロードに対応するエンタープライズ仮想化の将来についてご覧ください
