On 14 Apr 2010 12:13:53 -0700, in bit.listserv.ibm-main you wrote: >On Wed, 14 Apr 2010 16:01:52 -0300 Clark Morris <cfmpub...@ns.sympatico.ca> >wrote: > >:>Also given the problem found with SMP/E, I would hope that IBM and >:>other vendors are checking to see if there are similar exposures in >:>other utilities and services. > >Only possible if IBM tells what the exposure is.
Making the drastic assumption that the various groups WITHIN IBM can communicate on the exposure, then IBM can check to see if there are similar exposures in other functions. In terms of the third party vendor, it gets to be tricky. I would assume that at least CA would have to be made aware of the type of exposure. Who is responsible if a similar hole in Vendor x system type software is exploited because of a presumed underlying hole in IBM software and a SOX, data compromise or other bad event occurs? If I understand this thing correctly, the effect of this APAR is to restrict the exploitation of this hole, intentionally or inadvertently, to authorized people. That might mean we should restrict SMP access so as to exclude people who have a talent for finding flaws without looking for them. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
