On Wednesday, 01/16/2008 at 09:40 EST, "Huegel, Thomas" <[EMAIL PROTECTED]> wrote: > I just can't let this go. > Has anyone ever had some 'WINDOZE' auditor come in and ask if you are > up-to-date with your z/VM security patches from IBM?
In my experience talking to many customers, an auditor is an auditor is an auditor. They know what *they* know. They don't know what *you* know. It often turns out that they aren't *really* Windows auditors, but are just auditors who have never seen anything other than Windows. If they showed up asking to check some registry entries on your Linux box, you'd have a good chuckle, too. But, yes, it is SOP for companies to apply "due diligence" to mainframe software security issues, including z/VM. When we close a security or integrity APAR, it will be placed on an RSU. Note that z/VM 5.3 RSU 0703 contains VM64258 UM32131 CP INTEGRITY APAR (from http://www.vm.ibm.com/service/rsu/esa530.html) You may also see a description of "SECURITY APAR". Alan Altmark z/VM Development IBM Endicott
