--------------------------<snip>--------------------------
From time to time I read on the list about companies which demand ISVs
to provide source code for SVC routines to analyze it from security
point of view. While I don't know to much about z/OS 'guts', I'm
wondering what is the reason for that?
--------------------------<unsnip>------------------------
There are right ways and wrong ways to accomplish almost anything. The
right way minimizes risk of outage or security breach. The wrong way(s)
can leave you twisting slowly in the breeze, with system outages, trade
secrets at risk, unhappy (or worse) customers and possibly very serious
financial losses. Not to mention, here in the US, serious government
sanctions for lack of privacy protection, etc.
---------------------------<snip>---------------------------
Last, but not least - neither SVC, nor 'regular' APF-authorized program
can do anything illegal when not instructed, so unless ISV folks
unlimited access to prod system it is like dangerous knife in my safe.
---------------------------<unsnip>------------------------
APF-authorized programs can be every bit as dangerous as SVC routines,
for all the same reasons. No safe is completely secure, no matter how
strongly built or how heavily guarded.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
