Severity analysis of vulnerabilities by experts from the information security industry is rarely based on real code review. In the ‘Badlock’ case, most read our CVE descriptions and built up a score representing the risk a CVE poses to a user. There is nothing wrong with this approach if it is done correctly. CVEs are analyzed in isolation, as if no other issue exists. In the case of ‘Badlock’ there were eight CVEs. The difference is that one of them was in a foundational component used by most of the code affected by the remaining seven CVEs. That very specific CVE was
Continue reading “How Badlock Was Discovered and Fixed”
As many specialists in the security world know, the RSA Security Conference is one of the biggest security conferences in North America. This year it was once again held in San Francisco at the Moscone Center. Every year the conference gets bigger and bigger, bringing in more and more people and companies from all over the world.
If you attended, you may have noticed that Red Hat had a booth this year. Located in the corner of the main expo floor (not far from some of the “big guys” like IBM, Microsoft, EMC, CA Technologies, and Oracle), we were in a great location and received no shortage of traffic. In fact, despite staffing the booth with six Red Hatters, we didn’t have any “down time”: everyone seemed to be interested in what Red Hat has to offer in security.
Over the course of the conference I made a few interesting observations…
Continue reading “RSA Security Conference 2015 in Review: Three Observations”
Because more and more enterprises are considering containerization as a new application deployment model, Red Hat hopes to make the adoption of container technology as smooth as possible for our customers. We are evaluating and testing various workloads in-house and spend a good chunk of our engineering time developing, integrating, and testing a trusted, supported application platform stack for containerized applications. The recent announcement of the Red Hat Enterprise Linux 6 platform image moves us even closer to the goal: we now have another certified platform that can run applications as complex as Oracle Database in a container (see video below).
Databases are among the most widely deployed applications out there and are often seen as the hardest to deploy. Containers promise to ease that pain
Continue reading “Containerizing Databases with Red Hat Enterprise Linux”