In <[email protected]>, on 06/19/2013
at 01:39 PM, Andrew Rowley <[email protected]> said:
>How many vendors do allow you to audit their authorized code? I know
>IBM is very reluctant to divulge any information that might allow
>you to exploit a vulnerability.
Until OCO IBM provided customers with full access to the source code.
What they controlled was the details of security APAR's. I would not
expect any responsible vendor to publish a list of known security
exploits, just the fixes.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
Atid/2 <http://patriot.net/~shmuel>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
