Red Hat Blog

<p>Red Hat security data is a central source of truth for Red Hat products regarding published, known vulnerabilities. The availability of accurate information in security data can help provide the correct risk assessment process in customers' vulnerability management programs, which further helps with vulnerability patching prioritization. We work diligently to continuously improve our security data by adding more information to the existing data, introducing new data formats and cooperating with other vendors, including security scanner vendors, regarding the general a

<p>Despite Kubernetes still being a relatively young technology, adoption rates have soared over the past several years as the container orchestration platform has become the cornerstone for many digital transformation initiatives. Even as organizations settle in with their use of the technology in production, however, there still remains concern around the best ways to secure containerized workloads. Red Hat’s <a href="https://www.redhat.com/en/resources/state-kubernetes-security-report-2023">The State of Kubernetes Security for 2023</a&a

<p>In this article we will describe how Microsoft and Red Hat are collaborating in the open source community to show how Red Hat <a href="https://www.redhat.com/en/technologies/cloud-computing/openshift">OpenShift</a> can be deployed on <a href="https://aka.ms/azurecc">Azure Confidential Computing</a> for providing confidential container capabilities to its users. For this purpose, OpenShift uses the <a href="https://www.redhat.com/en/blog/learn-openshift-sandboxed-containe

<drupal-media data-align="center" data-entity-type="media" data-entity-uuid="86dcee13-494e-41e0-a1ed-419306586e5d"></drupal-media> <h3>What are Confidential Containers?</h3> <p><strong><a href="https://github.com/confidential-containers">Confidential Containers</a></strong> (CoCo) is a new sandbox project of the <a href="https://www.cncf.io/">Cloud Native Comput

<p>For some time now, the conversation around what poses risk in software vulnerabilities has been evolving. It has been gratifying to hear other voices amplifying what I, and generally Red Hat, have been saying for years: not all vulnerabilities in software matter, and not all vulnerabilities in software are created equal. A number of industry leaders in the security space have been saying this, and those voices are becoming louder and harder to ignore. More importantly, as I talk to customers, the message is beginning to resonate. And that’s for one simple reason:</p&a

<p>As IT environments become more complex, especially as cloud-native technologies, cloud services and traditional hardware all interact to meet evolving business demands, automation remains a key organizational strategy. Automation helps manage and maintain operations at a greater scale, speed and agility. Greater IT complexity also dovetails with requirements for enhanced cybersecurity postures, with threats and vulnerabilities changing on a near daily basis. Automation and IT security are not mutually exclusive, but a guidebook to effective configurations that help keep operat

<p>When debugging or tracing running workloads in <strong><a href="https://www.redhat.com/en/technologies/cloud-computing/openshift">Red Hat OpenShift</a></strong> deployments, there will frequently be a need to run the workloads with elevated privileges. This is not possible or desirable in production deployments, however, due to the risks to the cluster and other running workloads.&nbsp;</p> <p>In this article we will demonstrate how customers can leverage an <

<p><em>The Red Hat Shares newsletter helps IT leaders navigate the complicated world of IT―the open source way.</em></p> <div class="rc-cta-primary"><a href="https://www.redhat.com/en/email-preferences?newsletter=RH-shares&amp;intcmp=7013a0000034h0bAAA">Subscribe to Red Hat Shares</a></div> <hr /> <div class="rc-title-emphasis">FROM THE EDITOR</div> <h3>De

<p>The <a href="https://github.com/confidential-containers">Confidential Containers</a> (CoCo) project aims to implement a cloud-native solution for confidential computing using the most advanced <a href="https://en.wikipedia.org/wiki/Trusted_execution_environment">trusted execution environments</a> (TEE) technologies available from hardware vendors like AMD, IBM and Intel. Recently, the first release of the project (<a href="https://github.com/confidential-containers/docum

<p>In the world of <a href="https://access.redhat.com/security/overview">product security</a> and compliance, there’s no shortage of leadership, at least on the surface. But “leadership” doesn’t necessarily mean the same thing across individuals, companies or industries. Practically, what traits should a leader in IT security exhibit? What should they be doing…or not doing? And why do these specific actions matter?</p> <p>Just like the nature of leadership itself, there isn’t an objective ans