[Info-vax] Should VSI create a security bug bounty program for VMS ?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Thu Sep 1 09:22:49 EDT 2016
On 2016-08-30, Kerry Main <kemain.nospam at gmail.com> wrote:
>
> What do you think the % of hackers is that have the level of understanding to
> hack an OpenVMS account?
>
One hell of a lot more than currently exist when VMS becomes available on
x86-64 hardware, especially if VSI do some kind of hobbyist program.
>
> SMG was a biggie. Agree. Finger was an issue back 15+ years ago as I recall,
> but let's be real - how many OpenVMS sites ever turn on the TCPIP Finger
> service?
>
That's not the point; the finger problem appears to have been a format
string vulnerability; if so, it should never have passed code review
in the first place. The obvious question is: do any similar problems
exist in other parts of the stack ?
>
> Commodity OS's have 20+ security patches released each and EVERY month.
> Security patches - not normal bug patches. Yes, not all apply to all OS
> versions. Not all apply to the Products or services these OPS group actually
> use.
>
And VMS would be seeing a lot more patches if its internet related
components were updated at the rate they should be.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world