greg-hoelzer
SECURITY. PROTECTION. THE RED HAT WAY.
Red Hat Product Security Risk Report: 2015
96% of Red Hat® Enterprise Linux® critical issues had updates within 48 hours of public knowledge.
13 DAYS (median embargo)
[Figure: 2015 timeline, JAN through DEC, of notable issues: GHOST, FIREFOX LOCK FILE, LIBUSER, BIND DoS, FREAK, LOGJAM, ABRT & JBOSS ON, VENOM, GRUB2 PASSWORD, FIREFOX ADD-ON, JAVA DESERIALIZATION]
FOUND BY
59.4% MAILING LISTS
15.0% RED HAT RELATIONSHIPS
12.2% RED HAT EMPLOYEES
GET THE FULL REPORT
1,300+ VULNERABILITIES FIXED BY RELEASING 600+ SECURITY ADVISORIES
MEDIAN EMBARGO
For 2015, we knew about 438 (32%) of the
vulnerabilities we addressed in advance of
them being public. Across all products and
vulnerabilities of all severities known to us in
advance, the median embargo was 13 days.
SOURCE          # ISSUES    %
INTERNET        808         59.4%
RELATIONSHIP    204         15.0%
RED HAT         167         12.2%
INDIVIDUAL      66          4.8%
PEER VENDORS    60          4.4%
CVE             49          3.6%
CERT            8           0.6%
[Chart: ADVANCE, axis 0% to 100%]
AT A GLANCE
A TOUR OF VULNERABILITIES IN 2015
HOW RED HAT FINDS VULNERABILITIES
TRANSPARENCY IS THE BEST POLICY
Copyright ©2016 Red Hat, Inc. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, and JBoss are trademarks of Red Hat, Inc., registered in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.