That is quite an amazing concept, checking code in a security audit. I could not even make a wild guess as to how many lines of code there are on my z/VM machine, or where it is all at, or in how many different forms, Assembler, Cobol, REXX,C .. and on and on.
If there ever is such a product perhaps the developer could make mods to it that would catch all coding errors before the 2am production job abends.. -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Behalf Of Schuh, Richard Sent: Monday, February 04, 2008 4:19 PM To: [email protected] Subject: Re: Security Scans But it isn't "them" who are going to run it. "They" are (may be) requiring that I do it - twice a year. And, from what I have been piecing together, it is not something that checks ports and the like, it is something that checks code. That is why I questioned its validity in this environment. Regards, Richard Schuh > Let them run it. The vendor used here had to recode for zVM > but they were willing to do so. They still check a few things > (ports being used,
