[Info-vax] I guess VMS can't lose?

Main, Kerry Kerry.Main at hp.com
Sun Nov 7 23:46:11 EST 2010 

> -----Original Message-----
> From: info-vax-bounces at rbnsn.com [mailto:info-vax-bounces at rbnsn.com]
> On Behalf Of JF Mezei
> Sent: November-07-10 9:13 PM
> To: info-vax at rbnsn.com
> Subject: Re: [Info-vax] I guess VMS can't lose?
> 
> Main, Kerry wrote:
> 
> > Linux (and Wintel) have 5-20+ security patches released each and EVERY
> > month. When you have hundreds+ of servers, how do you ensure the
> > Important apps are retested before all of these patches are rolled out
> > in the time frames required?
> 
> 
> 
> Linux is a far richer environment than VMS. It has a gazillion more
> utilities, middleware and applications than what is delivered with VMS.
> 
> A lot of the patches aren't security related. Many are for improvements
> to applications whicn the Linux "support" vendors package as a "patch".
> 

JF, you are like many who do not realize the real issues behind Linux because
You have not had to deal with supporting large numbers of Linux.

Its really amazing how many even Linux admins do not even realize the following 
Red Hat site even exists: (bad guys do though)

https://www.redhat.com/archives/enterprise-watch-list/ 
(click on thread for each month and check them out yourself. Also, notice how 
Many are rated critical or important. Also, notice how many state "kernel"
Because a kernel security patch means a server reboot.)

> It does not mean that you have to install all of them within 24 hours of
> being issued.
> 
> And it also shows that Linux is very actively being developped and bugs
> are quickly fixed as soon as they are documented.
> 

Yeah, I remember about a year ago doing a DC Strategy engagement in a
large US agency and the resident Red Hat consultant went on about the benefits
of their new patching tool (Satellite Server) that would allow the Customer
to do "hourly" patching.

All of the experienced IT folks in the room almost fell over. They want stability 
and availability and RH was promoting hourly patching?

> 
> How many years did it take for VMS to plug the major TCPIP Services
> security hole because it didn't have intrusion detection for IMAP/POP ?
> Such a problem would have been fixed in a couple of weeks on an actively
> developped OS.
> 

Again, I did not say OpenVMS did not have security issues. All OS's do.

It’s a question of security patch volume.

If OpenVMS has more than a couple security patches per year, then it was 
a bad year. When these happen, Cust's can test their app's and roll out the 
patch.

Compare that to 5-20+ security patches released each and EVERY month.
Its EVERY month!

How do you retest all your important Apps every month? Tell that to the
Business who want new functionality tested - not old code on existing
platforms.

Hence, the adoption by commodity OS players of the patch-n-pray strategy.

Regards,

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-797-4937
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that simply works

More information about the Info-vax mailing list