October: What have we been doing for you?

The Red Hat Product Security Team is constantly working behind the scenes to protect our customers.  Here are just a few things that we’ve been working on in October:

  • Auditing packages – One of the big tasks our team members work on is reviewing software packages to make sure they meet our high standards.
  • Prelink is dead – We worked closely with the Fedora community to have prelink removed from the distribution (by default).  Prelink disables address space layout randomization (ASLR) which helps prevent attackers from jumping to an exploited function in memory.
  • Security Feature Matrix – Part of our research brought us to look back at our products and determine what security features we implemented (or didn’t) and where we’re going for future versions.  We’ll be talking more about this in the near future.
  • Assigning CVEs for Open Source software – One of the services Red Hat provides is working with open source software developers on security vulnerabilities discovered in their code.  Each month we assign roughly 100 CVEs.

These and many other projects are on our work benches.  Please stay tuned to hear more about our work and research in upcoming posts.