Dedicated to the security of Ubuntu
Since its inception in 2004, Ubuntu has been built on a foundation of enterprise-grade, industry leading security practices. From our toolchain to the suite of packages we use and from our update process to our industry standard certifications, Canonical never stops working to keep Ubuntu at the forefront of safety and reliability.
Secure out of the box
All Canonical products are built with unrivalled security in mind — and tested to ensure they deliver it. Your Ubuntu software is secure from the moment you install it, and will remain so as Canonical ensures security updates are always available on Ubuntu first.
Secure by process
Canonical's team of security experts react fast to threats constantly reviewing and fixing vulnerabilities. They also develop security features and best practices that are rolled into all Canonical products.
Canonical offers a range of tools to enable organisations to manage their desktop fleet and cloud with specific compliance requirements. A FIPS (Federal Information Processing Standard) certified version of Ubuntu is also available to comply to US government standards.
FIPS certification and CIS compliance with Ubuntu
Learn about Ubuntu CIS and FIPS certified components to enable operating under compliance regimes like FedRAMP, HIPAA, PCI and ISO. Get all of your compliance questions answered in our upcoming webinar to ensure you and your team are, and remain, compliant.
Find out more
No system is 100% secure and vulnerabilities will always arise. What matters is the speed and success with which they are resolved — and nobody makes fixes available faster than Canonical.
Security updates are provided for five years for long term support (LTS) releases. With the default configuration for unattended upgrades (16.04 and after), these updates get applied to your system automatically.
The Canonical Livepatch Service enables live automatic security fixes to the kernel without rebooting. This service reduces unplanned downtime while maintaining compliance and security.
10 years of support
A new LTS (Long Term Support) version of Ubuntu is released every two years, for desktop and server. Both versions receive updates and are supported for up to ten years.
For users of Ubuntu 14.04 and 16.04 LTS, Canonical offers Extended Security Maintenance (ESM) to provide vulnerability fixes and livepatches through a secure and private archive.
Ubuntu is certified to US government standards by FIPS (Federal Information Processing Standard) to ensure compliance and tougher security.
Designed to be secure
Linux is based on Unix. It inherits Discretionary Access Control and includes Mandatory Access Control via AppArmor.
LXD containers, libvirt VMs and OpenStack VMs are protected by AppArmor by default. A rich set of profiles are provided so users can opt-in to protection for other applications.
Secure snap packages
Software packages delivered as strict-mode snaps are fully confined using AppArmor, device cgroups, and seccomp.
Learn how ITstrategen keeps their applications secure with Ubuntu
The security of customer data is of the utmost importance to ITstrategen, which is why Ubuntu is their server operating system of choice.Read the case study
Ubuntu is trusted by
Learn more about Ubuntu security
Helping you manage security
Every Long Term Support (LTS) release of Ubuntu comes with five years of free security and maintenance updates. Canonical also offers a number of additional products and services to help manage the security of your Ubuntu systems.
Reduce downtime and unplanned work
The Canonical Livepatch service eliminates the need for unplanned maintenance windows for high and critical severity kernel vulnerabilities by patching the Linux kernel while the system runs. Reduce fire drills while keeping uninterrupted service with Canonical Livepatch service for up to ten years.
Be compliant and FIPS certified
Developing and running workloads for high security and government regulated environments requires a long and expensive validation process. Reduce your accreditation timeline and pass on your validation costs with the FIPS 140 and Common Criteria certifications available with Ubuntu Advantage and Pro.
Manage security updates with Landscape
Landscape is the leading management tool to deploy, monitor and manage your Ubuntu servers and desktops. Landscape gives the ability to centrally view and manage the security updates that have been applied to their systems and, critically, the security updates which have not yet been applied.
Extend your Ubuntu security maintenance
Following the end-of-life of Ubuntu 14.04 LTS and Ubuntu 16.04 LTS, Canonical offers Extended Security Maintenance (ESM), to Ubuntu Advantage and Pro customers to provide important security fixes for the kernel and essential user space packages. These updates are delivered via a secure, private archive exclusively available to Canonical customers.
All of our security products are available for a one off fee or they are all included in our Ubuntu Advantage support packages.
Ubuntu Advantage is the professional package of tools, technology and expertise from Canonical, helping organisations around the world get the most out of their Ubuntu deployments. It includes access to:
- Livepatch: automatic kernel security hotfixes without rebooting
- FIPS: certified cryptographic modules available for compliance requirements
- Landscape: the systems management tool for using Ubuntu at scale
- Extended Security Maintenance: critical security updates after Ubuntu end-of-life
- Knowledge Base: a private archive of expert-written articles and tutorials
- Support: phone and web-based support at multiple service levels
To support those using Ubuntu in schools, research and academia, Canonical is pleased to offer a discount programme for approved institutions. Please mention your interest in this programme in your conversations with our team.
Talk to a member of our team
We can recommend a security solution that best suits the needs of your organisation.
Ubuntu security disclosure policy
Canonical and the Ubuntu Security Team participate in responsible disclosure and collaborate with the wider community on security issues. For more information on how to contact the Ubuntu Security Team and expectations, please refer to our Ubuntu Security disclosure and embargo policy.