[Info-vax] Should VSI create a security bug bounty program for VMS ?

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Thu Sep 1 13:08:50 EDT 2016


On 2016-09-01 16:47:32 +0000, Robert A. Brooks said:

> On 9/1/2016 12:19 PM, Stephen Hoffman wrote:
> 
>> Good.   There are opportunities for more than a little swamp-draining 
>> available, certainly.
> 
> Yeah, that exact phrasing was used during a discussion yesterday . . .

Ayup.    I've always thought those laser microphones worked great, too.

But seriously, have a look at at macOS security for some idea of how to 
try to tie some of the disparate pieces together, if VSI is headed 
toward draining the deeper parts of the swamp.   I don't expect VSI to 
implement anywhere near all of that, but the ways that the encrypted 
key stores and the APIs are implemented and how the pieces work 
together is very reminiscent of old-time VAX/VMS design and 
integration.   The way the key bags work is particularly useful, as it 
avoids needing to decrypt and re-encrypt the data.


-- 
Pure Personal Opinion | HoffmanLabs LLC 




More information about the Info-vax mailing list