In describing this process to 'outsiders', I use the analogy of a broken door lock. Locksmith cannot come right away. So you put up a sign saying that the door cannot be locked, but it's only temporary. You apologize for the any inconvenience.
Not. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Seymour J Metz Sent: Wednesday, January 03, 2018 10:05 AM To: [email protected] Subject: (External):Re: Security PTFS I don't see how IBM could provide those data without compromising shops that have not yet installed the PTF. Certainly when I submit whatever the current name for an ETR is, I ask IBM to withhold any compromising details on, e.g., the START command. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Jousma, David <[email protected]> Sent: Wednesday, January 3, 2018 7:52 AM To: [email protected] Subject: Re: Security PTFS Yes, and works relatively well. The problem is our audit/risk people here want to try to tie commonly known vulnerabilities in the wild identified on windows/unix platforms to specific actions/fixes in the mainframe space. I have not figured out a way to do that. So, while we are in a maintenance cycle, I regularly download/receive the z/OS Security/Integrity ASSIGNS, and then apply those PTF's flagged with SOURCEID SECINT. I show them proof that we've done this, and so far they have been good with that. _________________________________________________________________ Dave Jousma Manager Mainframe Engineering, Assistant Vice President [email protected] 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Mark Jacobs - Listserv Sent: Wednesday, January 03, 2018 7:29 AM To: [email protected] Subject: Re: Security PTFS **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** The Security and Integrity Portal on ResourceLink should have what you're looking for. > גדי בן אבי <mailto:[email protected]> > January 3, 2018 at 7:18 AM > Hi, > > Does IBM publish a list of PTF’s that are related to security, > especially preventing unauthorized access from outside the mainframe. > > Gadi <snip> Mark Jacobs Time Customer Service Global Technology Services The standard you walk past is the standard you accept. Lt. Gen. David Morrison ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
