W dniu 09.12.2020 o 22:58, Frank Swarbrick pisze:
I have downloaded and installed in my personal z/OS Unix directory curl and a few other
z/OpenSource tools from Rocket Software. I have asked my z/OS security guy if we can go ahead and
have our systems group (outsourced to IBM zCloud) "officially" install them. He came
back with the following: "My question is how do we approve, track and secure the open source
code we are putting on z/OS?"
Does anyone have suggestions on answering this concern?
Timothy gave you good answer.
However I dare to share my comments:
1. It is NOT matter of open-source or closed source.
2. There is difference between freeware and open source. Freeware can be
closed source and open source can be licensed. And licensed is usually
paid, but it need not to be.
3. IMHO the most important is the support. It need not be contractual
(usually paid) formal support, but as with many other tools (Firefox,
java in the old years). CBT tools are not supported and usually the
update process is slow or none. However tools from one-man-band-company
are also "suspected" in terms of support.
4. Is the tool a part of airplane or just bicycle? In other words how
crucial for the production it is. Some tools are very useful, but lack
of them would not stop production. It would make things harder.
5. Security issues. Many "insecure products" provide no risk at all when
used in controlled, closed, isolated environment. It is important to
understand the vulnerabilities.
--
Radoslaw Skorupka
Lodz, Poland
======================================================================
Jeśli nie jesteś adresatem tej wiadomości:
- powiadom nas o tym w mailu zwrotnym (dziękujemy!),
- usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś
na dysku).
Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać
tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza)
tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać
karze.
mBank S.A. z siedzibą w Warszawie, ul. Prosta 18, 00-850 Warszawa,www.mBank.pl,
e-mail: [email protected]. Sąd Rejonowy dla m. st. Warszawy XII Wydział
Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237, NIP: 526-021-50-88.
Kapitał zakładowy (opłacony w całości) według stanu na 01.01.2020 r. wynosi
169.401.468 złotych.
If you are not the addressee of this message:
- let us know by replying to this e-mail (thank you!),
- delete this message permanently (including all the copies which you have
printed out or saved).
This message may contain legally protected information, which may be used
exclusively by the addressee.Please be reminded that anyone who disseminates
(copies, distributes) this message or takes any similar action, violates the
law and may be penalised.
mBank S.A. with its registered office in Warsaw, ul. Prosta 18, 00-850
Warszawa,www.mBank.pl, e-mail: [email protected]. District Court for the Capital
City of Warsaw, 12th Commercial Division of the National Court Register, KRS
0000025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN
169.401.468 as at 1 January 2020.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
