Red Hat is leading an initiative allowing software companies to brief users of a US government-backed security database on how far vulnerabilities affect their products.

The Linux vendor has asked that companies can now comment on security holes listed by the National Vulnerability Database (NVD), in order to provide deeper analysis and explanation of the impact problems might have on their products.

Red Hat is understood to have approached Novell, Hewlett-Packard, IBM and Mandriva to support its initiative, but only Mandriva has so far taken advantage of the service.

Red Hat is reported to have acted in the wake of a recently reported error in Apache that allowed unauthorised access to memory. Unlike other Linux companies, Red Hat did not release a patch because its Linux distribution was not affected. However, that did not stop customers from contacting Red Hat for advice.

Red Hat said the new NVD service would allow for timely dissemination of security information, so customers could quickly take action if necessary.

Red Hat security response director Mark Cox said in a statement: "We can now provide official statements about vulnerabilities and their potential impact via a widely recognised mechanism, as well as enable the entire software industry to contribute." ®

Related stories

• Red Hat hack prompts critical OpenSSH update (22 August 2008)
• OpenOffice hits back at viral risk claims (15 August 2006)
• Open source blamed for malware development (18 July 2006)
• Sun eyes open source 'stacks' (6 July 2006)
• MySQL patches security vulns (5 May 2006)
• WCIT US in open source backlash (4 May 2006)
• Developers get busy with open source bugs (5 April 2006)
• Comment Events, dear boy... a view from Apache (29 March 2006)
• Comment As Emperor of Security, I hereby decree... (28 March 2006)
• Homeland Security report tracks down rogue open source code (3 March 2006)