You should explain to your auditors: anyoine can give any name they like
to any program. The FUNCTION and CAPABILITIES of a program are FAR more
important than the name. Is it APF authorized? is the loadlib APF
authorized? Without proper authorization, with respect to z/OS rules,
it's not very likely to compromise anything other than the programmer
who MIGHT have included malicious content. (CAN HIS ASS.) Like
Shakespeare said, "A rose by any other name would smell as sweet."
Next step: find auditors that are computer-literate, so that they can
understand these "nuances". :-)
Mark Baron wrote:
Rick -
Your analysis is exactly correct - that is precisely what we have been asked
to do (by the auditors).
Thanks for confirming my suspicions.
Mark
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
--
Rick
--
Remember that if you’re not the lead dog, the view never changes.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
