Where to Start: Establish a relationship with the ProdSec Security Architect assigned to the program to complete RH-SDL requirements. If you do not have a Security Architect, request one by submitting form: https://url.corp.redhat.com/start-sdl

Introduction:
Red Hat is a trusted open source software vendor chosen as part of our customers’ supply chain. This trust has to be earned and demonstrated through the secure development and incident response for our products and services, telling a compelling story that our customers and partners can verify. The Red Hat Secure Development Lifecycle (RH-SDL) implementation plan provides clear and actionable tasks and workflows to implement security controls, that Red Hat Engineering adopts during the lifecycle of an offering to improve its security posture.
The scope of the RH-SDL includes all products, managed and online services, operators, and other code that is:
Released or operated by Red Hat
Supported by Red Hat
Offered to customers

Complete RH-SDL requirement by ProdSec: https://docs.google.com/document/d/1QMrM5ac2sbecmy7lYHA8S6p8L8ivVwHlgdcspy-Z4VE/edit#heading=h.66y4kqbj468a

Responsible: Product Management/Engineering/Program Management
Consulted: Product Security