Red Hat leads the tech industry's cutting-edge practices for the resolution of cybersecurity issues. Red Hat does this by providing relevant and accessible information and enabling the larger community to make well-informed decisions about security issues.

As part of our continuing reviews, Red Hat saw the need to make public a formal incident response plan (IRP) to lead our incident response and vulnerability management. FedRAMP and other regulatory frameworks also require a formal, published IRP. It made sense that Red Hat should put forth the effort to make sure we thoroughly documented our incident response processes, both to cover our own needs and to deliver a more systematic way to analyze and improve our vulnerability reports.

As we researched how other companies handled the reporting of vulnerabilities, we quickly discovered that there are no open source IRPs for product security. Since Red Hat fosters a culture of innovation, we decided to formalize our own IRP and make it public. We also decided that we would live true to our open source ethos and obtain feedback from the community. As a result, we have published a template for industry use and consideration. This document is the first public, open source Product Security Incident Response Plan, and we look forward to collaborating with industry partners to improve our security processes.

Why have an IRP?

An incident response plan is a planned course of action for all significant security incidents. Some incidents lead to larger efforts that impact products for days or months. Having an incident response plan helps stop, contain, communicate and resolve incidents more quickly, efficiently and consistently. It is not a playbook, but rather an overarching guide to the processes that need to happen across the organization around incidents and their resolution. After all, incident response involves more than just the security team and engineering. Playbooks and other detailed procedures are then linked to the plan.

Another example of an IRP's value is how it informs, and coordinates with, the specific processes that support the organization's response effort. Red Hat includes how to classify the severity of each Common Vulnerabilities and Exposures (CVE) entry, additionally providing a Common Vulnerability Scoring System (CVSS) score. However, a particular Red Hat product may be less impacted due to compensating controls around a specific piece of code. A formal IRP helps direct the teams in responding to these scenarios and gives a solid answer to customer questions about the thoroughness of our response. Having a systematic process that can handle these requirements is not trivial.

Red Hat's plan for incident response is a multistep process that starts by triaging flaws, then doing analysis, and finally following through with trackers and fixes. The IRP is the formal process that Red Hat will follow when presented with a product security incident. These incidents can range from a simple false-positive report to a severe risk to the security of customers using our products. When we receive a flaw, the first step is to determine if our products are affected. If so, we determine how severely each product is affected. This severity analysis determines the urgency of the response and ensures that the vulnerabilities are fixed promptly. This process must be followed consistently and accurately.

For companies, like Red Hat, that are involved in numerous open source communities and vulnerability email lists, the first step, "triage," can be challenging. These disclosure lists publish all known vulnerabilities and place the responsibility on a company to determine the effect on their products. In addition to reviewing these sources, we maintain an email address where people can report vulnerabilities. All of these information sources form the basis of our reports, which we monitor in a queue system.
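As an added example that is not part of Red Hat's plan or of this post, the triage flow described above (is a product affected, how severely, and therefore how urgently) as a small Python model: it computes a CVSS v3.1 base score from a vector string, rates it on the CVSS qualitative scale, and lowers a product's impact by one level where a compensating control surrounds the flawed code. The product map, component names and CVE ids are constructed placeholders; the one-level downgrade and the use of the CVSS qualitative scale rather than Red Hat's own severity classification are assumptions.

```python
import math

# CVSS v3.1 base-metric weights from the FIRST specification (PR depends on Scope).
_W = {"AV": {"N": .85, "A": .62, "L": .55, "P": .2}, "AC": {"L": .77, "H": .44},
      "UI": {"N": .85, "R": .62}, "CIA": {"H": .56, "L": .22, "N": 0.0},
      "PR": {"U": {"N": .85, "L": .62, "H": .27}, "C": {"N": .85, "L": .68, "H": .5}}}
LEVELS = ["None", "Low", "Medium", "High", "Critical"]  # CVSS qualitative scale (assumed here)

def _roundup(x):  # CVSS v3.1 "Roundup": smallest one-decimal value >= x
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def cvss31_base_score(vector):
    """Base score for a 'CVSS:3.1/AV:../AC:../PR:../UI:../S:../C:../I:../A:..' vector string."""
    m = dict(p.split(":") for p in vector.split("/")[1:])
    iss = 1 - (1 - _W["CIA"][m["C"]]) * (1 - _W["CIA"][m["I"]]) * (1 - _W["CIA"][m["A"]])
    changed = m["S"] == "C"
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    expl = 8.22 * _W["AV"][m["AV"]] * _W["AC"][m["AC"]] * _W["PR"][m["S"]][m["PR"]] * _W["UI"][m["UI"]]
    return 0.0 if impact <= 0 else _roundup(min((1.08 if changed else 1.0) * (impact + expl), 10))

def rating(score):
    return LEVELS[0 if score == 0 else 1 if score < 4 else 2 if score < 7 else 3 if score < 9 else 4]

def triage(reports, products):
    """Queue entries ordered by urgency: most severe per-product impact first.
    products maps name -> {component: True if a compensating control surrounds that code}."""
    queue = []
    for r in reports:
        score = cvss31_base_score(r["vector"])
        base = LEVELS.index(rating(score))
        affected = {}
        for name, comps in products.items():
            hits = [c for c in r["components"] if c in comps]
            if not hits:
                continue  # product does not ship the flawed component: not affected
            # compensating controls around every hit lower this product's impact one level (never below Low)
            mitigated = all(comps[c] for c in hits)
            affected[name] = LEVELS[max(base - 1, 1)] if mitigated else LEVELS[base]
        if affected:  # a flaw touching no product is closed as not affected
            urgency = max(LEVELS.index(v) for v in affected.values())
            queue.append({"cve": r["cve"], "score": score, "products": affected, "urgency": urgency})
    return sorted(queue, key=lambda e: (-e["urgency"], -e["score"]))

# Constructed sample intake: placeholder CVE ids and product/component map, not real advisories.
PRODUCTS = {"ProductA": {"libfoo": False, "bard": True}, "ProductB": {"bard": False}}
REPORTS = [
    {"cve": "CVE-0000-0001", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "components": ["bard"]},
    {"cve": "CVE-0000-0002", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "components": ["libfoo"]},
    {"cve": "CVE-0000-0003", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "components": ["other"]},
]
```

Calling `triage(REPORTS, PRODUCTS)` returns the first two reports, with the compensating control in ProductA lowering the first flaw to High there while ProductB stays Critical, and the third report dropped because no product ships its component.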