On Sat, 17 Oct 2015 06:16:47 -0700 (PDT), in bit.listserv.ibm-main you wrote:
>The fact that IBM continues to issue integrity PTFs shows that their code is
>not perfect when it comes to integrity and therefore security. Nobody's is.
>So, it is possible, by a review of the code, that the Chinese review team can
>identify an integrity issue and save that for a later attack on an IBM
>customer. This is a big risk.

Actually allowing any country to review code is to open an exposure. On the other hand all users have at least some need to verify that code is not exposing them. For those users with high security needs and a large enough budget, having all software in house maybe using open source software as a starting base can make sense. I believed back in the 1970s and 80s that one of the best places to put a spy was in the IBM software creation and distribution system.

These comments apply to all countries. It would be interesting to find out which countries and entities are reviewing source code from the various vendors. I believe that Snowden supporters are naive if they believe that other major and not so major countries are not engaged in much the same activities as those he accused the United States NSA and other agencies of committing.

If IBM is allowing the Chinese government to review the code, I will guarantee that other governments are also reviewing the code. In addition we know that at least some ISV's have access to at least some of the code under non-disclosure agreements. I leave to you who are citizens of various countries to determine how concerned you should be.

Clark Morris

>
>Barry Schrager
>Creator of ACF2
>Member: Mainframe Hall of Fame
>www.Enterprisesystemsmedia.com/mainframe-hall-of-fame
