Large enterprises have adopted open source widely and have come to depend on it. Linux is the best example, having made recent headlines with IBM buying Red Hat for $34 billion and Microsoft shipping a full Linux kernel in Windows 10.
Red Hat Enterprise Linux (RHEL) is the most successful Linux distro for commercial use, providing stable, engineered products. Red Hat Product Security is one of the dedicated teams that tracks and reviews all reported security issues in Red Hat services so that they can be addressed as soon as possible.
The recent official report, “Red Hat Product Security Risk,” published by the Red Hat security team, gives an overview of the security vulnerabilities that impacted Red Hat products in 2019. Here, “product” refers to the services Red Hat offers. You can find a full list of products here.
Total 2,714 Security Vulnerabilities Reported In 2019
Red Hat publishes this report every year. In 2019, Product Security received a total of 2,714 reported security flaws. Compared with 2017, which saw the highest count ever at 3,034 flaws, the number came down.
The counts of Common Vulnerabilities and Exposures (CVE) entries and Red Hat Security Advisories (RHSA), however, both show an increase over previous years.
If you’re not aware, a CVE is the name assigned to every security issue that the Red Hat team fixes. An RHSA is an advisory that provides information about security flaws affecting Red Hat products and services. Advisories are published to publicly disclose known vulnerabilities and create awareness about them.
Counting the numbers, there is a 3.8% increase in CVEs, from 1,272 (2018) to 1,313 (2019). With a total of 968 advisories, the security team published its highest-ever number of RHSAs.
Risk Level of Red Hat Products
Red Hat Linux contains thousands of software packages, each with different bugs and associated effects. Hence, the security team uses a four-point scale to categorize the severity of a particular bug.
Vulnerabilities are rated Low, Moderate, Important, or Critical. As per the report, RHEL 6, 7 and 8 recorded the highest number of Critical ratings. However, the number is lower than last year's.
It is also interesting to note that the security team fixed 41% of critical vulnerabilities within 1 day of the issue becoming public. On average, critical advisories are issued within a week.
In addition, 566 RHSAs addressed a record-breaking 340 Important CVEs, with 18% already available within one business day.
Overall, Red Hat Enterprise Linux commits to providing a more stable product with a quick response to risk. With strong ties and relationships with other communities, it also resolves issues in third-party software.