On Sun, 17 Jun 2007 00:37:02 -0400 "Craddock, Chris" <[EMAIL PROTECTED]> wrote:
:>Ken Tomiak said :>> <<>>Or the system programmer has to justify the behaviour to an :>auditor and :>> the vendor did not provide an easily understood explanation of why :>SUB=MSTR or :>> an IEFSSNxx entry is required. :>That pretty much makes my point. If they don't understand what either of :>those things mean, then any number of pages explaining why it's :>necessary are going to be essentially worthless. Ask me how I know :-( There are changes, and there are changes. An IEFSSN restriction does not make much sense. One cannot bypass security with it. :>I also find it depressingly ironic that customers (righteously) require :>us to play by the rules of the architecture and operating system and :>then go all whiny and crybaby on us when doing the aforementioned "right :>thing" means they have to make a one line change in a parmlib member. :>You would think we were asking them to consign first born children into :>slavery. :>And being treated like a giant doofus who's just aching to knock down :>western civilization along the way just puts frosting on the cake. My :>tolerance for calm rational exposition goes downhill very quickly in :>those situations. And having done that same job myself a good many years :>earlier, I have a lot of trouble mustering any sympathy for their :>position. :>I tend to believe that having the keys to the family Buick ought to :>signify the holder is at least knowledgeable enough to get the key in :>the thing and be able to back it out the driveway without having the :>owner's manual and a "Buick Controls for Dummies" book open on the front :>seat. There have been quite a few products that have included "special" SVCs because the developers were too lazy/uneducated to do things the right way. You don't want to give the keys to someone who will leave them in the ignition when shopping in the mall. :>Draw any analogy you want to other systems programmers (or auditors) :>that you have known over the years. Of course none of this august body :>would ever fall into that group though right? As above. -- Binyamin Dissen <[EMAIL PROTECTED]> http://www.dissensoftware.com Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
