Frequently heard saw: If it ain't broke, don't fix it. My ROT: It's always broke. Fix it.
. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Joel Ewing Sent: Friday, May 15, 2015 7:07 AM To: [email protected] Subject: Re: Security vulnerability for RSU updates On 05/14/2015 01:27 PM, Mark Jacobs - Listserv wrote: > As a general rule, the higher the RSU level the more security and > integrity fixes will be included. The only way you'll know for sure is > to access IBM's portal and download the "special" holddata. > > https://www14.software.ibm.com/webapp/set2/sas/f/redAlerts/20130227.ht > ml > >> Nathan Astle <mailto:[email protected]> May 14, 2015 at 2:14 PM Hi >> >> Are any relationship for security vulnerability with having recent RSU ? >> Precisely is there a dependency for security on every RSU updates ? >> >> Nathan >> ... Don't expect the repair of all security bugs to be nicely synchronized with RSU levels. An RSU level implies a higher level of confidence in the quality of a collection of PTFs, in that a greater amount of system testing has been done, but it doesn't preclude existence of other bugs. At any given time there are always any number of unknown or not-yet-reported bugs in z/OS, some of which could be security related, including that point in time that is the cutoff date for RSU-level maintenance. Fortunately security bugs are rare and even then the exposure may only affect some installations. I thought the best bet to stay on top of z/OS security vulnerability issues these days was to "subscribe" to IBM notifications for z/OS security alerts. Security alerts aren't that common, but that way you get the earliest possible notification of known problems that might be an exposure for your installation -- and less risk of missing a rare occurrence than periodic checking of HOLD data or just aiming for some arbitrary closeness to the most current maintenance level. -- Joel C. Ewing, Bentonville, AR [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
