Many people pull container images from public registries, full of user generated content. Do they really know who built them, how they were built, or whether they are trustworthy? There are several reports about compromised images which trick people into…
Category: http://securityblog.redhat.com/feed/
Be careful when pulling images by short name
Many people pull container images from public registries, full of user generated content. Do they really know who built them, how they were built, or whether they are trustworthy? There are several reports about compromised images which trick people into…
With Kubernetes Operators comes great responsibility
Operators are a powerful way to extend the functionality of Red Hat OpenShift Container Platform and Kubernetes. OpenShift provides features for deploying Operators in a safer way, such as OperatorHub, and the Operator Lifecycle Manager (OLM). In this post we…
With Kubernetes Operators comes great responsibility
Operators are a powerful way to extend the functionality of Red Hat OpenShift Container Platform and Kubernetes. OpenShift provides features for deploying Operators in a safer way, such as OperatorHub, and the Operator Lifecycle Manager (OLM). In this post we…
Reviewing vulnerabilities in 2019: The annual Red Hat Product Security Risk Report
Red Hat Product Security had a busy year, like many of you most likely did, in 2019. As each year closes we take time to reflect upon all of “the security” we and our subscribers got to interact with throughout…
Laying a foundation for more secure computing: Red Hat Enterprise Linux and Common Criteria
From Linux containers and Kubernetes to edge computing and 5G, modern computing advancements have spread far and wide across the hybrid cloud. But at the center of almost all IT deployments, whether in a core datacenter, at the network’s edge…
Securing the deployment of OpenShift Container Platform 4
There have been some changes to the way we deliver OpenShift Container Platform 4 from OpenShift Container Platform 3. The installer and client binaries are delivered via mirror.openshift.com, as well as access.redhat.com. Also, container images are delivered from Quay.io primarily,…
Time to celebrate Data Privacy Day!
In the words of the National Cyber Security Alliance, Data Privacy Day “is an international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust.” Data privacy should be at the forefront of everyone’s mind. …
Time to celebrate Data Privacy Day!
In the words of the National Cyber Security Alliance, Data Privacy Day “is an international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust.” Data privacy should be at the forefront of everyone’s mind. …
How RHEL 8 is designed for FIPS 140-2 requirements
Deploying software in a large organization is a challenging task when it comes to providing a consistent and reasonable level of security. Any number of vendors are involved in delivering software that addresses numerous needs of the organization, and that…
How RHEL 8 is designed for FIPS 140-2 requirements
Deploying software in a large organization is a challenging task when it comes to providing a consistent and reasonable level of security. Any number of vendors are involved in delivering software that addresses numerous needs of the organization, and that…