On 24 April 2011 21:13, john gilmore <[email protected]> wrote:
> The thrust of my comments was that the preoccupation of auditors with SVCs,
> all but to the exclusion of concern with PC-PR constructs, is both
> unfortunate and shortsighted.

This preoccupation lends support to the theory that all auditors are working from a z/OS playbook written somewhere around 1978. I still have a mildly sarcastic but acceptably polite letter I wrote in the early 1980s in response to audit recommendations that such "powerful and dangerous" programs as AMASPZAP and IEHINITT be removed from the system, so the playbook was well and truly stale even then.

> In the cryptography community it is a commonplace that one must never assume
> that the opposition is not smart enough to make effective use of some piece of
> cutting-edge technology. It is better, i.e., safer, to assume that they are
> as smart as you are.

By coincidence the at-least-analogous Schneier's Law has recently been revisited by Schneier himself:

http://www.schneier.com/blog/archives/2011/04/schneiers_law.html

Tony H.

