I don't believe this tool would be appropriate for the OP as it detects system objects (for the lack of a better term) that allow inappropriate privilege elevation or storage access. Application code would not benefit from this tool.
On Sat, 8 Dec 2018 11:13:46 -0600 Steve Beaver <[email protected]> wrote:

:>I have known Ray Overby for years.
:>
:>He has a tool that he leases that more looks at the zOS and zOS Program Product level
:>
:>-----Original Message-----
:>From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Richard Way
:>Sent: Friday, December 7, 2018 4:39 PM
:>To: [email protected]
:>Subject: Re: Code vulnerability
:>
:>I currently work for Micro Focus, and we have the "Fortify" product line. I am NOT in that group, however, and I really don't know if it does what you are looking for or not - although I know it does have support for scanning mainframe COBOL for vulnerabilities. I don't know about HLASM.
:>
:>Something you may want to explore, if you haven't already investigated it.
:>
:>Rich Way
:>
:>-----Original Message-----
:>From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Steve Smith
:>Sent: Friday, December 07, 2018 2:14 PM
:>To: [email protected]
:>Subject: Re: Code vulnerability
:>
:>Depends on what kind of vulnerability you're looking for. z/OS itself isn't the only valuable thing you have.
:>
:>sas
:>
:>On Fri, Dec 7, 2018 at 2:11 PM Charles Mills <[email protected]> wrote:
:>
:>> Ray Overby at Key Resources, Inc.
:>>
:>> Charles
:>>
:>>
:>> -----Original Message-----
:>> From: IBM Mainframe Discussion List [mailto:[email protected]]
:>> On Behalf Of scott Ford
:>> Sent: Friday, December 7, 2018 10:04 AM
:>> To: [email protected]
:>> Subject: Code vulnerability
:>>
:>> All,
:>>
:>> We write in Enterprise Cobol and HLASM and had a reseller ask us if
:>> we scanned our Cobol code and HLASM code for vulnerabilities. Does
:>> software for this exist? I know according to one of our people
:>> SonarQube can do Cobol scans, but is expensive, like $50000.
:>>
:>> Has anyone heard of any other software that does this function and what
:>> would they be looking for since we don't use any third party libraries?
:>>
:>> Best Regards,
:>>
:>> *IDMWORKS *
:>>
:>> Scott Ford
:>>
:>> z/OS Dev.
:>>
:>> By elevating a friend or Colleague you elevate yourself, by demeaning
:>> a friend or colleague you demean yourself
:>>
:>> www.idmworks.com
:>>
:>> [email protected]
:>>
:>> Blog: www.idmworks.com/blog
:>>
:>> ----------------------------------------------------------------------
:>> For IBM-MAIN subscribe / signoff / archive access instructions, send
:>> email to [email protected] with the message: INFO IBM-MAIN

--
Binyamin Dissen <[email protected]>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.
