You can also try http://secunia.com/community/advisories/
-------------------------------------------------------------------------- This email message and any accompanying materials may contain proprietary, privileged and confidential information of CIT Group Inc. or its subsidiaries or affiliates (collectively, "CIT"), and are intended solely for the recipient(s) named above. If you are not the intended recipient of this communication, any use, disclosure, printing, copying or distribution, or reliance on the contents, of this communication is strictly prohibited. CIT disclaims any liability for the review, retransmission, dissemination or other use of, or the taking of any action in reliance upon, this communication by persons other than the intended recipient(s). If you have received this communication in error, please reply to the sender advising of the error in transmission, and immediately delete and destroy the communication and any accompanying materials. To the extent permitted by applicable law, CIT and others may inspect, review, monitor, analyze, copy, record and retain any communications sen! t from or received at this email address. -------------------------------------------------------------------------- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Mark Jacobs Sent: Tuesday, May 08, 2012 11:28 AM To: IBM-MAIN@bama.ua.edu Subject: Re: [IBM-MAIN] National Vulnerability Database (NVD) Search for Mainframe Vulnerabilities Take a look at http://www-03.ibm.com/systems/z/advantages/security/integrity_sub.html This page sets forth the current process for providing a System z customer and/or its authorized representative with access to security/integrity information for System z (currently z/OS and z/VM), including HOLDDATA for z/OS. On 05/08/12 11:06, Pascoe, Raymond M wrote: > Not sure if this forum is the appropriate place to ask this question, so please advise. > > We have been requested by the Centers for Medicare and Medicaid, as a part of our mainframe compliance program (using NIST and DISA STIGs) , to use the national vulnerability database http://web.nvd.nist.gov/view/vuln/search to identify vulnerabilities which affect the zOS operating system running on the IBM mainframe. > > Is the National Vulnerability Database the right place to look for zOS vulnerabilities in the first place? > > We are primarily looking for vulnerabilities for zOS operating system, but would also be interested in searching for vulnerabilities in third party software packages from vendors such as CA Technology. > > Any guidance and/or the appropriate keyword search(es) for the NVD which can be used to meet this objective would be appreciated. > > -Ray > > Raymond M. Pascoe, CISSP > Risk, Compliance and Monitoring > *Office: 412-544-6261 > *e-mail: raymond.pas...@highmark.com > > > > > -- Mark Jacobs Time Customer Service Tampa, FL ---- Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning. - Albert Einstein ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
