Welcome!

Server Monitoring Authors: Yeshim Deniz, Liz McMillan, Pat Romanski, Carmen Gonzalez, Ken Schwaber

Related Topics: Server Monitoring, Linux Containers

Server Monitoring: Article

Red Hat Champions New Public Forum for Software Companies

Forum Enables Industry Members to Officially and Publicly Comment on Vulnerabilities

Red Hat has announced its continuing commitment to superior security services with a new initiative, implemented by the National Institute of Standards and Technology (NIST), that enables members of the software industry to officially and publicly comment on vulnerabilities. This service is being implemented within the National Vulnerability Database (NVD) at NIST, based on Red Hat's recommendation.

Red Hat approached NIST with the idea of using the NVD to create an official vendor statement service based on the Common Vulnerabilities and Exposures (CVE) naming standard, giving the software industry an open, transparent forum to contribute information about vulnerabilities. Both open source and proprietary software vendors now have the opportunity to comment on vulnerabilities in their products, and can use the service in a variety of ways, including configuration and remediation guidance, clarifications of vulnerability applicability, deeper vulnerability analysis, disputes of third-party vulnerability information, and explanations of vulnerability impact.

Red Hat will be the first contributor to the service by providing real-time updates to the NVD about how vulnerabilities may or, just as importantly, may not affect Red Hat products. This information resource is critical to the timely dissemination of security information for Red Hat customers and will allow customers to take action quickly if needed. It is also the benefit that customers can expect on a much larger scale when the service is utilized by the software industry as a whole.

"With advancements such as SELinux and Execshield, Red Hat and the open source community continue to build superior security capabilities into the platform that natively protect against malicious use of vulnerabilities, but we are constantly looking for ways to improve and strengthen our security measures. Increasing and enhancing the communication paths and mechanisms for customers to obtain information about vulnerabilities is another way we can help our customers," said Mark J. Cox, Red Hat Security Response Director, Red Hat. "Through our work with NIST's National Vulnerability Database, we can now provide official statements about vulnerabilities and their potential impact via a widely recognized mechanism, as well as enable the entire software industry to contribute."

"We appreciate Red Hat approaching us with this idea of creating the official vendor statement initiative within the National Vulnerability Database," said Peter Mell, NVD Program Manager, NIST. "Software vendors have the deepest knowledge about their products and are uniquely positioned to comment on their vulnerabilities. Thanks to Red Hat's creativity, we are able to provide this service to the software development community as a whole."

As a widely recognized, comprehensive cyber security resource containing all publicly available U.S. government vulnerability information, the NVD can be used by users of both open source and proprietary software. By centralizing and communicating information for vulnerabilities, customers and users will benefit from increased information coming from both the U.S. government and vendors themselves.



More Stories By Red Hat News Desk

Red Hat News Desk trawls the world's news information sources and brings you timely updates on its flagship Red Hat Enterprise Linux as well as the company's other product lines including database, content, and collaboration management applications; server and embedded operating systems; and software - including its most recent virtualization offerings.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER gives detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPOalso offers sp...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. The IoT Global Network is a platform where you can connect with industry experts and network across the IoT community to build the successful IoT business of the future.
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?