[Info-vax] Should VSI create a security bug bounty program for VMS ?
Phillip Helbig undress to reply
helbig at asclothestro.multivax.de
Thu Sep 1 16:58:24 EDT 2016
In article <mailman.2.1472673255.26953.info-vax_rbnsn.com at rbnsn.com>,
"Kerry Main" <kemain.nospam at gmail.com> writes:
> > > Well, OpenVMS runs some of the biggest financial environments on the
> > > planet (e.g. Shanghai Stock Exchange, German Stock Exchange, big banks)
> > > so that in itself should be motivation enough. But, as far as I know,
> > > this has not happened.
> >
> > At least these days, VMS at these places is only on internal networks.
> > If someone who shouldn't has access to the internal networks, then there
> > are much bigger problems to worry about.
>
> Most security groups will state that their biggest worry
> is not the Internet, but rather internal threats.
True, but usually not exploiting some security hole, but rather someone
doing something they shouldn't.
> Not just disgruntled employees, but cell phones,
> notebooks, and laptops all regularly traverse public /
> home networks and then reconnect to wireless / hard
> connections to internal networks in the office and/or via
> VPN.
And if the production VMS systems are on the same network, then the
security policies need to be changed. (Reminds me of the old joke: when
the unix sysadmin talks about security, he means that of his job.)
> And of course, cell phones/notebooks are really just big
> fat PCs with big storage and little to zero security
> monitoring SW on them.
Right, which is why they have no business on a production network.