Ulrich Boche wrote:
Recently, I ran a zSecure Audit MVS Tables status scan and one of its
findings was the following:
I have never heard of zSecure.
My question now is, and maybe Ed Jaffe can take a look at that, what
is this SVC doing that it gets such bad press from zSecure? I neither
have the source code of this SVC nor am I among the chosen few who can
judge the security and integrity of SVCs and other authorized code.
However, we need to know if there is an issue here.
Here is an excerpt from our system integrity statement:
"(E)JES maintains MVS system integrity using key controlled storage
protection, TCB dispatchability management, locking, and other
facilities provided by the operating system to ensure users and programs:
o cannot bypass the hardware isolation functions that protect other
users or programs
o cannot obtain control in an authorized execution state
o cannot bypass the system-level security functions provided by IBMs
Security Server (RACF) or OEM equivalent product
Phoenix Software International began using these programming techniques
for (E)JES in 1993. Our commitment to MVS system integrity has remained
unchanged since that time.
Any MVS system integrity exposure found by our customers will be
resolved as a high-severity problem by Phoenix Software International."
If you would like me to send a letter containing this system integrity
statement, please send me the contact details off-list.
--
Edward E Jaffe
Phoenix Software International, Inc
5200 W Century Blvd, Suite 800
Los Angeles, CA 90045
310-338-0400 x318
edja...@phoenixsoftware.com
http://www.phoenixsoftware.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html