Thanks, Alan. That is about what I thought. It stands to reason that if there is a successful penetration, IBM will hear about it so that a security fix can be created.
Regards,
Richard Schuh

-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark
Sent: Wednesday, April 25, 2007 7:56 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Hackers

On Tuesday, 04/24/2007 at 12:51 MST, "Schuh, Richard" <[EMAIL PROTECTED]> wrote:
> I am more interested in documented cases of hackers actually penetrating
> a system. I am especially interested in penetrations of VM/ESA or later
> systems.

z/VM has a Common Criteria EAL3+ certification (z/VM 5.3 is intended to be EAL4 later this year). The z/VM Secure Configuration Guide will help you configure the system in a secure way. Penetration testing of a z/VM system continues to be a futile effort and no customer has reported such a problem to us.

DISCLAIMER: As you might expect, IBM does not claim that you cannot hack into a z/VM system, but simply that we have found none to date and none have been reported to us. Yes, there have been Security/Integrity APARs, but no reports of break-ins.

But consider, too, that a vulnerability analysis is just one element of the overall security "ecosystem".

Alan Altmark
z/VM Development
IBM Endicott