John Gilmore wrote: <snip>
Auditors are, legitimately, preoccupied with computer security, and some PTFs address security issues. In the current climate a formal procedure for recording a decision not to apply a PTF (and noting a supporting reason code for this decision) should be in place. Moreover, a policy that 'ages' all PTFs for, say, 60 days is at least as simple-minded as one that applies them unthinkingly.
<snip>
Security PTFs are an entirely different kettle of fish. You can register to get notifications and CVSS V2 scorings for security and system integrity PTFS. The scorings are intended to help you decide how long to wait before installing them. (As usual, no detail about the exposures themselves is provided.)
z/OS customers can get more details, and register, here: http://www.vm.ibm.com/security/aparinfo.html -- John Eells z/OS Technical Marketing IBM Poughkeepsie ee...@us.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
