On Sat, 27 Jan 2018 10:05:29 -0500, Peter Relson wrote:

>...
>If a customer does not have their APF or PARMLIB or LNKLST or LPA
>libraries properly protected, that is a different matter entirely, and is
>one of the reasons why there is a RACF health check related to APF.
>...
>The information itself cannot be "exploited". Customer security gaps can
>be exploited.
>
>Security by obscurity (which is what you'd get to a small extent if what
>was asked for was implemented) is often only a little better than nothing.
>

Yes.
But someone mentioned "need to know". If an administrator carelessly leaves sensitive information in a readable file, it invites an exploit. Health check is likely not to notice that. Fetch protection narrows the community of exploiters.

Security is rarely perfect; not all-or-nothing. The closer the better.

The FOSS community takes the view that the more eyes on the code, the sooner a weakness will be recognized, reported, and repaired. The Enterprise community takes the view that the more eyes on code, the more likely a weakness is to be exploited. IBM seems to fall in this category by embargoing integrity defect information long after patches are available. Is that "security by obscurity"?

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
