Transparent

Security in Open Source

It is a common myth that open source products are less secure than proprietary competitors. Actually, the availability of the source code for Red Hat Enterprise Linux makes a better alternative for creating secure systems. There is increased scrutiny of code to spot vulnerabilities before they can be used by viruses or worms. Not only is Red Hat constantly working to find potential issues in the software, but thousands of developers around the world are also examining the code looking for ways to improve it.

Not only does open source development help fix flaws, but it allows customers to match security technology to fit their processes. Security mechanisms are available for everyone to see and understand, allowing customers and partners to extend or enhance the functionality of security to meet their needs. For example, policies can be written in SELinux to secure custom applications.

Why is Open Source Security Better?

The power of the open source methodology has led to making Red Hat Enterprise Linux the operating system of choice for security. The modular, package-based design of Linux makes it easier to identify, resolve, and trace dependencies around security issues, compared to the monolithic designs of other operating systems where a single problem can have far-reaching and difficult-to-identify consequences. This open, standards-based design also gives customers flexibility to choose what they want to include in their operating system.

Studies, including a recent survey by Evans Data, show that Linux systems have fewer viruses and security breaches than competing operating systems. This higher level of security translates into direct value for customers:
  • Less employee downtime from computer viruses and worms
  • Secure web sites that are resistant to attacks
  • IT budgets can be spent enabling productivity, not defending it

CVE Compatibility

Red Hat adheres to the Common Vulnerabilities and Exposures standard, which allows customers to trace a vulnerability through multiple vendors by use of consistent naming.

OVAL Compatibility

Red Hat will be creating and supporting Open Vulnerability and Assessment Language patch definitions, providing a machine-readable version of our security advisories.