I don't see how IBM could provide those data without compromising shops that have not yet installed the PTF. Certainly when I submit whatever the current name for an ETR is, I ask IBM to withhold any compromising details on, e.g., the START command.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Jousma, David <[email protected]> Sent: Wednesday, January 3, 2018 7:52 AM To: [email protected] Subject: Re: Security PTFS Yes, and works relatively well. The problem is our audit/risk people here want to try to tie commonly known vulnerabilities in the wild identified on windows/unix platforms to specific actions/fixes in the mainframe space. I have not figured out a way to do that. So, while we are in a maintenance cycle, I regularly download/receive the z/OS Security/Integrity ASSIGNS, and then apply those PTF's flagged with SOURCEID SECINT. I show them proof that we've done this, and so far they have been good with that. _________________________________________________________________ Dave Jousma Manager Mainframe Engineering, Assistant Vice President [email protected] 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Mark Jacobs - Listserv Sent: Wednesday, January 03, 2018 7:29 AM To: [email protected] Subject: Re: Security PTFS **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** The Security and Integrity Portal on ResourceLink should have what you're looking for. > גדי בן אבי <mailto:[email protected]> > January 3, 2018 at 7:18 AM > Hi, > > Does IBM publish a list of PTF’s that are related to security, > especially preventing unauthorized access from outside the mainframe. > > Gadi > לתשומת ליבך, בהתאם לנהלי חברת מלם מערכות בע"מ ו/או כל חברת בת ו/או > חברה קשורה שלה (להלן : "החברה") וזכויות החתימה בהן, כל הצעה, התחייבות > או מצג מטעם החברה, מחייבים מסמך נפרד וחתום על ידי מורשי החתימה של > החברה, הנושא את לוגו החברה או שמה המודפס ובצירוף חותמת החברה. בהעדר > מסמך כאמור (לרבות מסמך סרוק) המצורף להודעת דואר אלקטרוני זאת, אין > לראות באמור בהודעה אלא משום טיוטה לדיון, ואין להסתמך עליה לביצוע פעולה > עסקית או משפטית כלשהי. Please note that in accordance with Malam > and/or its subsidiaries (hereinafter : "Malam") regulations and > signatory rights, no offer, agreement, concession or representation is > binding on the Malam, unless accompanied by a duly signed separate > document (or a scanned version thereof), affixed with the Malam seal. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > > > > Please be alert for any emails that may ask you for login information > or directs you to login via a link. If you believe this message is a > phish or aren't sure whether this message is trustworthy, please send > the original message as an attachment to '[email protected]'. > -- Mark Jacobs Time Customer Service Global Technology Services The standard you walk past is the standard you accept. Lt. Gen. David Morrison ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
