There's considerable chatter on the Net about recent Java security exploits:
http://www.kb.cert.org/vuls/id/625617 http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html I note that the CERT page thwarts IBM's policy of security-by-obscurity by publishing considerable detail. But is z/OS vulnerable? I suppose IBM won't say. We must just until and if IBM issues an APAR with conspicuously insufficient information. What is the provenance of z/OS Java? Is it maintained by Oracle (I suspect not), or by IBM from source code obtained from Oracle (on what terms?) The Oracle page avers that it addresses only browsers (mostly Windows), not stand-alone Java apps. This is likely sufficient for the masses, for whom the computer _is_ the browser, and the Internet _is_ the WWW, but perhaps not for us. I wonder what happens if a JavaScript exposure requires browser suppliers to disable all JavaScript, and users are uable to get to PayPal? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN