name: Red Hat Enterprise Linux Vocabulary
description: >-
  Vocabulary and taxonomy for Red Hat Enterprise Linux APIs covering security
  advisories, CVE management, subscription lifecycle, compliance, and
  vulnerability remediation.
version: '1.0'
created: '2026-05-02'
modified: '2026-05-02'
terms:
  - term: CVE
    definition: >-
      Common Vulnerabilities and Exposures - a unique identifier for a publicly
      disclosed security vulnerability. Format: CVE-YYYY-NNNNN.
    synonyms: [vulnerability, security flaw, security issue]
    relatedTerms: [CVSS, CWE, advisory, errata]
  - term: CVSS
    definition: >-
      Common Vulnerability Scoring System - a standardized method for rating the
      severity of security vulnerabilities on a scale of 0-10.
    synonyms: [vulnerability score]
    relatedTerms: [CVE, CVSS3, threat severity]
  - term: CVSS3
    definition: >-
      Common Vulnerability Scoring System version 3 - the latest version of the
      CVSS standard used by Red Hat for vulnerability severity ratings.
    relatedTerms: [CVSS, CVE]
  - term: CWE
    definition: >-
      Common Weakness Enumeration - a community-developed list of software and
      hardware weakness types that can lead to security vulnerabilities.
    relatedTerms: [CVE, vulnerability]
  - term: Advisory
    definition: >-
      A Red Hat Security Advisory (RHSA), Bug Fix Advisory (RHBA), or
      Enhancement Advisory (RHEA) that bundles one or more package updates.
    synonyms: [errata, RHSA, RHBA, RHEA]
    relatedTerms: [CVE, package, RPM]
  - term: Errata
    definition: >-
      Updates issued by Red Hat to fix bugs, security vulnerabilities, or
      provide enhancements for RHEL packages. Types include Security (RHSA),
      Bug Fix (RHBA), and Enhancement (RHEA).
    synonyms: [advisory, update]
    relatedTerms: [advisory, package]
  - term: Entitlement
    definition: >-
      The right to use a specific Red Hat product or service granted by a
      subscription. Entitlements are attached to systems during registration.
    synonyms: [subscription entitlement]
    relatedTerms: [subscription, system registration]
  - term: Subscription
    definition: >-
      A contract that grants access to Red Hat software, updates, and support
      for a defined period. May cover physical or virtual systems.
    synonyms: [license, contract]
    relatedTerms: [entitlement, SKU, allocation]
  - term: PUUID
    definition: >-
      Platform User ID - a globally unique identifier used across Red Hat
      services to identify a user account. Not to be confused with system UUID.
    relatedTerms: [system UUID, registration]
  - term: CPE
    definition: >-
      Common Platform Enumeration - a structured naming scheme for information
      technology systems, software, and packages. Used by OVAL and CVE records.
    synonyms: [platform identifier]
    relatedTerms: [CVE, OVAL, vulnerability]
  - term: OVAL
    definition: >-
      Open Vulnerability and Assessment Language - an XML-based standard for
      representing system information and assessing the presence of
      vulnerabilities. Used by Red Hat for machine-readable security data.
    relatedTerms: [CVE, SCAP, vulnerability scanner]
  - term: SCAP
    definition: >-
      Security Content Automation Protocol - a suite of specifications for
      automating vulnerability management, security measurement, and policy
      compliance. Includes OVAL, XCCDF, CVE, CPE, and CVSS.
    relatedTerms: [OVAL, XCCDF, compliance]
  - term: Insights
    definition: >-
      Red Hat Insights is a SaaS-based analytics service included with RHEL
      subscriptions that provides predictive recommendations for security,
      performance, availability, and compliance.
    synonyms: [Red Hat Insights]
    relatedTerms: [advisor, compliance, vulnerability]
  - term: Remediation
    definition: >-
      The process of fixing an identified issue on a RHEL system, typically
      executed via an Ansible playbook generated by Red Hat Insights.
    synonyms: [fix, patch]
    relatedTerms: [Ansible, playbook, vulnerability]
  - term: Allocation
    definition: >-
      A logical grouping of subscriptions for a specific deployment environment
      such as a Satellite server or automation controller.
    relatedTerms: [subscription, entitlement]
  - term: Service Level
    definition: >-
      The tier of support and SLA for a subscription (e.g., Premium, Standard,
      Self-support). Determines response time and support channels.
    synonyms: [SLA tier, support level]
    relatedTerms: [subscription]
  - term: Threat Severity
    definition: >-
      Red Hat's classification of a CVE's risk level for Red Hat products: Low,
      Moderate, Important, or Critical.
    synonyms: [severity, impact rating]
    relatedTerms: [CVE, CVSS3]
  - term: Fix State
    definition: >-
      The status of a fix for a package affected by a CVE: Affected, Will not
      fix, Fix deferred, Not affected, Out of support scope.
    relatedTerms: [CVE, package, errata]
  - term: Offline Token
    definition: >-
      A long-lived OAuth 2.0 refresh token issued by Red Hat SSO for API
      automation. Valid for 30+ days with regular use.
    synonyms: [refresh token, API token]
    relatedTerms: [OAuth2, authentication, API key]
categories:
  - name: Security
    terms: [CVE, CVSS, CVSS3, CWE, Advisory, Errata, Fix State, Threat Severity, OVAL, SCAP, CPE]
  - name: Subscription Management
    terms: [Entitlement, Subscription, Allocation, Service Level, Offline Token]
  - name: Platform
    terms: [Insights, Remediation, PUUID]