On Tuesday, 04/24/2007 at 12:51 MST, "Schuh, Richard" <[EMAIL PROTECTED]> wrote: > I am more interested in documented cases of hackers actually penetrating > a system. I am especially interested in penetrations of VM/ESA or later > systems.
z/VM has a Common Criteria EAL3+ certification (z/VM 5.3 is intended to be EAL4 later this year). The z/VM Secure Configuration Guide will help you configure the system in a secure way. Penetration testing of a z/VM system continues to be a futile effort and no customer has reported such a problem to us. DISCLAIMER: As you might expect, IBM does not claim that you cannot hack into a z/VM system, but simply that we have found none to date and none have been reported to us. Yes, there have been Security/Integrity APARs, but no reports of break-ins. But consider, too, that a vulnerability analysis is just one element of the overall security "ecosystem". Alan Altmark z/VM Development IBM Endicott