I think in terms of auditing the source code for nefarious operations, there is a kind of “mutual assured destruction” principle at work here. If a vendor was so careless with their source code as to allow some kind of scam to be done with their code, the ensuing scandal would simply ruin that vendor. In the interest of self-preservation no vendor would ever allow their code to be misused in such a way.
Interesting that this should come up at this time. We just recently had one of our highest-revenue customers request a description of the function of each load module in our APF libraries. We provided between 2 and 6 words per module, and that satisfied their auditor. IBM publishes the same type of information – http://www-03.ibm.com/systems/z/os/zos/features/lang_environment/assist/modr9nic.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
