13DAYS

SECURITY. PROTECTION. THE RED HAT WAY.Red Hat Product Security Risk Report: 2015

of Red Hat® Enterprise Linux® critical issues had

updates within 48 hours of public knowledge.96%

SEPJULMAYMARJAN

GH

OS

T

OCTAUGJUNAPRFEB NOV DEC

FIR

EFO

X L

OC

K F

ILE

LIB

US

ER

BIN

D D

oS

FR

EA

K

LO

GJA

M

AB

RT &

JB

OS

S O

NV

EN

OM

GR

UB

2 P

AS

SW

OR

D

FIR

EFO

X A

DD

-ON

JA

VA

DE

SE

RIA

LIZ

ATIO

N

FOUND BY 12.2%15.0% MAILING LISTS

RED HATEMPLOYEES59.4% RED HAT

RELATIONSHIPS

GET THE FULL REPORT

VULNERABILITIES SECURITY ADVISORIES

1,300+ 600+FIXED BY RELEASING

MEDIAN EMBARGO

For 2015, we knew about 438 (32%) of the

vulnerabilities we addressed in advance of

them being public. Across all products and

vulnerabilities of all severities known to us in

advance, the median embargo was 13 days.

808

204

167

66

60

49

8

INTERNET

RELATIONSHIP

RED HAT

INDIVIDUAL

PEER VENDORS

CVE

CERT

59.4%

15.0%

12.2%

4.8%

4.4%

3.6%

0.6%

0% 10 20 30 40 50 60 70 80 90 100%ADVANCE SOURCE # ISSUES

AT A GLANCE

A TOUR OF VULNERABILITIES IN 2015

HOW RED HAT FINDS VULNERABILITIES

TRANSPARENCY IS THE BEST POLICY

Copyright ©2016 Red Hat, Inc. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, and JBoss are trademarks of Red Hat, Inc., registered in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.