Is it possible for a PTF to have no hold except the SECINT? That is to ask, is it likely that a PTF introducing a security issue could be applied because there is no HOLD(ERROR) or even a HOLD(ACTION) which could inform that there is a SECINT for the PFT?
> -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On > Behalf Of Kurt J. Quackenbush > Sent: Wednesday, January 18, 2023 11:34 AM > To: [email protected] > Subject: Re: How to determine if Enhanced HOLDDATA received? > > [EXTERNAL EMAIL] > > HOLDDATA with CLASS(SECINT) is only available on the IBM Z Security Portal. > > Who can and cannot obtain access to the IBM Z Security Portal is > documented in this FAQ: > https://urldefense.com/v3/__https://ibm.biz/security-portal- > faq__;!!JmPEgBY0HMszNaDT!udnBZoAidHBU- > nmJaQ0x_rAqjr3sKY3itcxgjYC4xq2ba2WcWInaZ1FXSydmPoc_MhkB6e- > IHCxU$ . > > In short, from the FAQ, "the Security Portal is for IBM clients that have a > licensed IBM Z or LinuxONE mainframe. It is not intended for users of > emulators, such as zPDT, zRD&T, etc. using the z/OS ADCD or z/VM ADCD." > So, a vendor that also has a license can obtain access. No license? No > access. > And I am only a messenger on this topic. > > Kurt Quackenbush > IBM | z/OS SMP/E and z/OSMF Software Management > | [email protected] > > Chuck Norris never uses CHECK when he applies PTFs. > > >> Do you have access to security portal? the information I am looking > >> for are only available there. I was told by IBM that as a vendor, I > >> can't get access to it. See below for details about the cvss info: > >> The HOLDDATA available from the IBM Z and LinuxONE Security Portal > >> adds a new HOLD CLASS, SECINT, and the HOLD SYMPTOMS contains the > CVSS > >> Base and Temporal scores. > > > I am surprised to hear IBM would take a position like that. It seems almost > inconceivable that large vendors like BMC and Broadcom are locked out of > the Secure Portal. > > > My experience has been that an individual working for an IBM Z customer, > with a manager or CISO that will vouch for them, can get access. > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
