[Info-vax] Should VSI create a security bug bounty program for VMS ?
Paul Sture
nospam at sture.ch
Thu Sep 1 15:00:40 EDT 2016
On 2016-09-01, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2016-09-01 16:47:32 +0000, Robert A. Brooks said:
>
>> On 9/1/2016 12:19 PM, Stephen Hoffman wrote:
>>
>>> Good. There are opportunities for more than a little swamp-draining
>>> available, certainly.
>>
>> Yeah, that exact phrasing was used during a discussion yesterday . . .
>
> Ayup. I've always thought those laser microphones worked great, too.
>
> But seriously, have a look at at macOS security for some idea of how to
> try to tie some of the disparate pieces together, if VSI is headed
> toward draining the deeper parts of the swamp. I don't expect VSI to
> implement anywhere near all of that, but the ways that the encrypted
> key stores and the APIs are implemented and how the pieces work
> together is very reminiscent of old-time VAX/VMS design and
> integration. The way the key bags work is particularly useful, as it
> avoids needing to decrypt and re-encrypt the data.
Here's a real example of how that level of integration can work to
benefit both the application developer and end user.
>From the latest "Release Notes for MailMate Revision 5260 (Thursday,
September 1, 2016) — Version 1.9.5 Beta 1":
New: Network code now uses CFNetwork instead of OpenSSL. This
implicitly means proxy support (System Preferences), IPv6 support,
and TLS 1.2 support.
--
It was untidy, so got unplugged.
It was unplugged, so got thrown away.
More information about the Info-vax
mailing list