> I suspect if you put the same number of people at z/OS as anything else
> they would find lots of holes in it.
I suspect you wouldn't.
> z/OS is secure because nobody cares about it. It only takes one person
> to care enough.
z/OS is secure because it has been IBM's officially stated policy ever since OS/VS2
Version 2
first shipped that all APARs describing integrity exposures would be unconditionally
accepted:
MVS B1 SUPPORT: Selected MVS/ESA products, collectively called a
trusted computing base (TCB), were evaluated by the United States
Department of Defense's National Computer Security Center (NCSC),
found to meet the criteria for a B1 level of trusted system, and
posted on the Evaluated Product List in September 1990. The
following products, along with specific service, were evaluated in 1990:
o MVS/SP-JES2 Version 3 Release 1.3
o MVS/SP-JES3 Version 3 Release 1.3
o MVS/DFP Version 3 Release 1.1
o ACF/VTAM Version 3 Release 3
o TSO/E Version 2 Release 1.1
o RACF Version 1 Release 9
o PSF/MVS Version 1 Release 3
For more information on the IBM MVS/ESA JES2 and JES3
Security System Packages, refer to Software Announcement 290-497,
MVS/ESA PLANNING: B1 SECURITY for MVS/SP Version 3 (GC28-1800),
or contact your IBM representative.
--
Phil Payne
http://www.isham-research.com
+44 7785 302 803
