----- Original Message -----
From: <barryschra...@cs.com>
Newsgroups: bit.listserv.ibm-main
Sent: Tuesday, June 08, 2010 5:28 PM
Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal
Use?
On 8-Jun-2010, Howard Brazee <howard.bra...@cusys.edu> wrote:
>Holes in 3rd party products do not equal holes in z/OS. Get the vendor
>to
>fix his mess.
I don't know if this is necessarily true.
You're right, it's not true. Holes in 3rd party products are holes in the
z/OS system. After a system is penetrated, are you going to say, gee, it
wasn't an IBM error that got us, it was xyz company error. Big deal. Your
system and, therefore your company, was taken.
And, right now, 3rd party vendors are either not aware of the issues or
not
taking them seriously. There are holes in the 3rd party products and
there
are even some holes in z/OS that IBM is working on fixing. Now, the
difference is that IBM, when it is pointed out to them, says, we will fix
it
as we honor the Statement of Integrity. 3rd party vendors sometimes have
to
be pushed and prodded and threatened.
So, what are the holes on your system -- don't you want to know so you can
start taking action to close them? Or would you rather be dumb and happy
until disaster strikes. Then you can just say, gee, I didn't think there
were any serious hole ...
Barry,
It would be nice if someone actually documented a hole, instead of all the
urban legends we hear. Outside the magic SVC, or a trusted person planting
malware in an APF library, I don't know of any "holes". Please share.
Regards,
Tom Conley
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
