For us, the vendor must be a party to non disclosure contracts. Even so, we are facing increased requirements that we, in turn, have to pass on the vendor. For example, do we have to insist that the dump be encrypted while stored on the vendor's DASD? How do we know that is happening? If that data is somehow compromised, who takes the beating?
While we know a lot of this goes past the point of decreasing return all the way into silliness, we are having to pay the price of cheap PC based solutions and auditors on power trips that either can't tell the difference, don't care, or both. C'mon retirement!! -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Horenstein Sent: Wednesday, July 26, 2006 9:02 AM To: [email protected] Subject: snding svc dumps Let us say you have an svc dump that a vendor needs to debug a prolem. Given that svc dumps can contain sensitive data, in particular likely passwords in a dump generated by an ftp server, I was wondering how other sites typically handle this. -Jeff NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
