Collaboration In Product Security
Apr 2, 2026
Jeremy West, who leads Red Hat's product security incident response team, brings expertise in vulnerability response and secure development. He discusses transparency in publishing vulnerabilities, machine-readable advisories like CSAF and VEX, rare embargoes, shared accountability for applying patches, and the importance of upstream collaboration and secure-by-design practices.
AI Snips
Publish Vulnerabilities Quickly To Empower Customers
- Publish vulnerability information quickly to empower customers to assess risk.
- Jeremy West says Red Hat posts advisories within 24 hours, even before fixes, so customers can prioritize remediation.
Tell Customers Affected Status Even Without A Fix
- Inform customers early so they can prioritize risk even before fixes exist.
- Jeremy West explains that publishing affected status quickly helps customers decide remediation priorities ahead of fixes.
Accountability Beats Blame In Incident Response
- Accountability beats blame because blame destroys goodwill and discourages help.
- Jeremy West explains that focusing on fixing problems and on shared responsibility (including customers applying patches) leads to better outcomes.
