Anti-virus software is a good idea but as we've seen, they must be constantly updated and always on the search for new threats. They only work as good as the known threats and those things the products considers to be a threat. Maybe it doesn't flag Omegamon or Mainview functionality that allows a user to modify storage. How about very obscure exposures that you can't know about unless someone see's it and says something. E.g. protected because it's rarely used and requires specific information. Maybe it needs a specific storage key. Maybe it must be below the line or in a specific subpool. How about unintentional exposures by storage overlay errors. It's impossible to find every exposure.
Jon Perryman. >________________________________ > From: Ray Overby <ray.ove...@kr-inc.com> > > > >There is a software product called z/Assure Vulnerability Analysis >Product that will allow a z/OS installation to identify >exposures/vulnerabilities in IBM, ISV, and installation written code. >With this software product you can systematically check to see if an >exposure has been introduced with maintenance or a new release. > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN