Re: Code vulnerability

2018-12-10 Thread Seymour J Metz
http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Rugen, Len Sent: Saturday, December 8, 2018 1:18 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Code vulnerability I guess you could write assembler code entirely with DC

Re: Code vulnerability

2018-12-08 Thread zMan
That's actually not crazy, and matches what Tripwire and friends do IIRC. As opposed to a long-ago QA person who would compare each file from each release and demand explanations for each new or changed file. Since this was VM and the products included source code, the conversation would go like t

Re: Code vulnerability

2018-12-08 Thread Jeremy Nicoll
On Sat, 8 Dec 2018, at 19:28, Paul Gilmartin wrote:
> "ZAP" is a key word. How does one guarantee that any program in any language
> hasn't been ZAPped after passing audit?

Twenty years or so ago the bank I worked at ran an audit tool which stored a hash or checksum of every loadmodule, and each

Re: Code vulnerability

2018-12-08 Thread Walt Farrell
On Sat, 8 Dec 2018 21:09:42 +0200, Binyamin Dissen wrote:
>I don't believe this tool would be appropriate for the OP as it detects system
>objects (for the lack of a better term) that allow inappropriate privilege
>elevation or storage access. Application code would not benefit from this
>tool.

Re: Code vulnerability

2018-12-08 Thread Paul Gilmartin
On Sat, 8 Dec 2018 18:18:04 +, Rugen, Len wrote:
>I guess you could write assembler code entirely with
> DCX'.'
>
Don't do that! RLDs? Location independent code?
>Then use ZAP to maintain it :-)
>
"ZAP" is a key word. How does one guarantee that any program in any langua

Re: Code vulnerability

2018-12-08 Thread Binyamin Dissen
ember 7, 2018 4:39 PM :>To: IBM-MAIN@LISTSERV.UA.EDU :>Subject: Re: Code vulnerability :> :>I currently work for Micro Focus, and we have the "Fortify" product line. I am NOT in that group, however, and I really don't know if it does what you are looking for or no

Re: Code vulnerability

2018-12-08 Thread Rugen, Len
I guess you could write assembler code entirely with DCX'.' Then use ZAP to maintain it :-)

Re: Code vulnerability

2018-12-08 Thread Steve Beaver
-MAIN@LISTSERV.UA.EDU Subject: Re: Code vulnerability I currently work for Micro Focus, and we have the "Fortify" product line. I am NOT in that group, however, and I really don't know if it does what you are looking for or not - although I know it does have support for scanning main

Re: Code vulnerability

2018-12-08 Thread Timothy Sipples
As another candidate, AppScan Source supports COBOL, but I'm not sure about Assembler. That's quite technically tricky. Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & Linux

Re: Code vulnerability

2018-12-07 Thread x ksi
---
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Steve Smith
> Sent: Friday, December 07, 2018 2:14 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Code vulnerability
>
> Depends on what kind of vulnerability you're looking fo

Re: Code vulnerability

2018-12-07 Thread Richard Way
't know about HLASM. Something you may want to explore, if you haven't already investigated it. Rich Way -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Smith Sent: Friday, December 07, 2018 2:14 PM To: IBM-MAIN@LISTSERV

Re: Code vulnerability

2018-12-07 Thread Steve Smith
Depends on what kind of vulnerability you're looking for. z/OS itself isn't the only valuable thing you have.

sas

On Fri, Dec 7, 2018 at 2:11 PM Charles Mills wrote:
> Ray Overby at Key Resources, Inc.
>
> Charles
>
>
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:I

Re: Code vulnerability

2018-12-07 Thread Charles Mills
Ray Overby at Key Resources, Inc. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of scott Ford Sent: Friday, December 7, 2018 10:04 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Code vulnerability All, We write in Enterprise Cobol

Re: Code vulnerability

2018-12-07 Thread Lou Losee
Scott, Unless your code runs authorized, is an SVC or a PC I don't think it can cause vulnerabilities that threaten your system. The system does a pretty good job of isolating problem state code such that it will not cause problems. Lou -- Artificial Intelligence is no match for Natural Stupidity

Re: Code vulnerability

2018-12-07 Thread Edgington, Jerry
IBM has a tool called ADDI and I believe Compuware might have one as well. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of scott Ford Sent: Friday, December 07, 2018 1:04 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Code vulnerability Al