[Info-vax] DECnet Phase IV and VMS code comments

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Nov 27 22:31:02 EST 2016 

On 2016-11-26, Kerry Main <kemain.nospam at gmail.com> wrote:
>
> [snip..]
>
> Regardless of the company logo, my experience (including often
> working closely with CSSE - WW interface for DEC Field Services
> to Engineering) with the culture in OpenVMS engineering was/is
> that security was always a top priority. If the issue was OpenVMS
> related, I highly doubt the statement "the security issue is
> their problem" ever came up. 
>

The problem Kerry is that VSI still seem to be stuck in the old
mindset of how things were done in the old days of the 1980s/1990s
and don't seem to have adapted to how security issues are handled
in today's environment.

A really simple example: VSI _still_ didn't have a secure security
vulnerability reporting mechanism established the last time I checked
their website; they seem to be completely dismissing the possibility
that security issues may be reported by unrelated third parties who
may expect things to be done in a certain industry established way.

Another example; Do VSI have any plans in place to do coordinated
releases of patches with HP if a security vulnerability is found which
requires a patch to be created and released ? This coordination is
absolutely standard these days, but I've yet to hear VSI say anything
about this.

> Re: DECnet Phase IV - Hindsight is always 20-20. 
>
> However, it's fair to say that those who developed a new
> networking architecture 35+ years ago (when the design started -
> not when it was released) had no idea of the chaotic world
> networks would evolve into today.
>

It's not really to do with hindsight - IP and friends have also had
to adapt to the changing security world as well, both in terms of
protocol changes and in terms of changes to the various code bases.

The question you should be asking is: is there anything in DECnet
Phase IV (or the other DEC network protocols) which require similar
changes and have those changes been implemented over the years or not ?

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

More information about the Info-vax mailing list