As part of an ongoing effort to improve our container security data, we are changing the way we display vulnerabilities: instead of presenting issues as RHSA and ALAS advisories, we will present them based on the individual CVEs.
Prior to these changes, we provided information only through Red Hat Security Advisories (RHSA) and Amazon Linux Security Advisories (ALAS), both of which are collections of fixed CVEs.
The following are some of the key features of this change:
- Enhanced accuracy by showing CVEs - Instead of presenting a consolidated single advisory, which may cover more than one CVE, we will now show each CVE separately. In addition, for Red Hat Enterprise Linux we will now show both fixed and unfixed CVEs, whereas the RHSA only shows fixed CVEs. For Amazon Linux, we will still only support fixed CVEs at this time.
- Showing individual CVEs allows us to provide enriched vulnerability metadata on these CVEs, like Exploit Maturity, Social Trends and more.
- We will also provide the severity of the issues as evaluated by the Red Hat Security Team (Low, Moderate, Important, Critical), as part of the Relative Importance feature.
- Once the rollout is over, the old data will not be available.
- The number of issues might increase significantly as a result of the change. If you use the Reports function, you may see a spike in issues.