On Tue, Jun 18, 2013 at 3:41 PM, Ted MacNEIL <eamacn...@yahoo.ca> wrote:
> If that is such an issue, that you really need that level of assurance,
> then don't purchase the software.
>
> I know of no vendor (large or small) that is in the business to steal your
> secrets.
>
> Besides, accessing data is not enough.
> Without templates, schema, copybooks, etc., are they going to be able to
> understand your data?
>
> It would take the computer programme that ate Manhattan to have enough
> code to decode everything.
>

I think that Charles is asking the opposite question. He works for a vendor and some of their code runs authorized. He is asking what audit requirements customers typically have for authorized code from small vendors.

>
> Then, there's finding the data.
> How does a single vendor know enough to write code to interpret naming
> conventions of DataSets, then read and understand the data?
> -
> Ted MacNEIL
> eamacn...@yahoo.ca
> Twitter: @TedMacNEIL
>
> -----Original Message-----
> From: Charles Mills <charl...@mcn.org>
> Sender: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU>
> Date: Tue, 18 Jun 2013 14:37:23
> To: <IBM-MAIN@LISTSERV.UA.EDU>
> Reply-To: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU>
> Subject: Auditing vendor source code
>
> When you are dealing with vendors of a smaller scale than IBM, BMC or CA,
> and you are installing a product that will run APF authorized, how do you
> assure yourselves that the product is not stealing your secrets, or
> allowing others to do so (the famous magic SVC)? Do you audit source code?
> How does that process work such that it protects the vendor's IP rights
> while still satisfying you or your auditors?
>
> I'm on the vendor side of the equation, but I'm trying to put myself in the
> customer's shoes. Replies from either customers or vendors are welcome.
>
> Thanks,
>
> Charles
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN