RALEIGH, N.C. -- Red Hat (NASDAQ: RHAT), the world's leading provider of open source solutions to the enterprise, today announced its continuing commitment to superior security services with a new initiative, implemented by the National Institute of Standards and Technology (NIST), that enables members of the software industry to officially and publicly comment on vulnerabilities. This service is being implemented within the National Vulnerability Database (NVD) at NIST, based on Red Hat's recommendation.
Red Hat approached NIST with the idea of using the NVD to create an official vendor statement service based on the Common Vulnerabilities and Exposures (CVE) naming standard, giving the software industry an open, transparent forum to contribute information about vulnerabilities. Both open source and proprietary software vendors now have the opportunity to comment on vulnerabilities in their products, and can use the service in a variety of ways, including configuration and remediation guidance, clarifications of vulnerability applicability, deeper vulnerability analysis, disputes of third-party vulnerability information, and explanations of vulnerability impact.
Red Hat will be the first contributor to the service by providing real-time updates to the NVD about how vulnerabilities may or, just as importantly, may not affect Red Hat products. This information resource is critical to the timely dissemination of security information for Red Hat customers and will allow customers to take action quickly if needed. Customers can expect the same benefit on a much larger scale when the service is utilized by the software industry as a whole.
"With advancements such as SELinux and Execshield, Red Hat and the open source community continue to build superior security capabilities into the platform that natively protect against malicious use of vulnerabilities, but we are constantly looking for ways to improve and strengthen our security measures. Increasing and enhancing the communication paths and mechanisms for customers to obtain information about vulnerabilities is another way we can help our customers," said Mark J. Cox, Red Hat Security Response Director, Red Hat. "Through our work with NIST's National Vulnerability Database, we can now provide official statements about vulnerabilities and their potential impact via a widely recognized mechanism, as well as enable the entire software industry to contribute."