If that is such an issue, that you really need that level of assurance, then don't purchase the software.
I know of no vendor (large or small) that is the business to steal your secrets. Besides, accessing data is not enough. Without templates, schema, copybooks, etc., are they going to be able to understand your data? It would take the computer programme that ate Manhattan to have enough code to decode everything. Then, there's finding the data. How does a single vendor know enough to write code to interpret naming conventions of DataSets, then read and understand the data? - Ted MacNEIL eamacn...@yahoo.ca Twitter: @TedMacNEIL -----Original Message----- From: Charles Mills <charl...@mcn.org> Sender: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> Date: Tue, 18 Jun 2013 14:37:23 To: <IBM-MAIN@LISTSERV.UA.EDU> Reply-To: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> Subject: Auditing vendor source code When you are dealing with vendors of a smaller scale than IBM, BMC or CA, and you are installing a product that will run APF authorized, how do you assure yourselves that the product is not stealing your secrets, or allowing others to do so (the famous magic SVC)? Do you audit source code? How does that process work such that it protects the vendor's IP rights while still satisfying you or your auditors? I'm on the vendor side of the equation, but I'm trying to put myself in the customer's shoes. Replies from either customers or vendors are welcome. Thanks, Charles ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN