Understanding security embargoes at Red Hat

Within Red Hat’s Coordinated Vulnerability Disclosure (CVD) framework, an embargo is a strictly defined window of time during which a security vulnerability is known only to a small group of trusted parties, including the vulnerability reporter and the relevant upstream community and partners, before being made public.

Why are embargoes necessary?

The primary goal of an embargo is customer protection. If a severe vulnerability is disclosed immediately upon discovery by way of “full disclosure” without an available patch, malicious actors have a window of opportunity to exploit systems while us