[Info-vax] VMS security, was: Re: OpenVMS books

Arne Vajhøj arne at vajhoej.dk
Sun Jul 30 17:09:53 EDT 2017


On 7/30/2017 4:37 PM, Simon Clubley wrote:
> On 2017-07-29, Kerry Main <kemain.nospam at gmail.com> wrote:
> And it doesn't help matters when certain portions of the VMS community
> stick their heads in the sand and try to claim the issues affecting
> other operating systems do not apply to VMS.

It is even worse.

There are some that actually use the lack of security bug fixes as
"proof" that VMS is more secure.

>> Btw - while the finger bug was something that needed fixing, one should
>> remember that the service is disabled by default and I have never known
>> any OpenVMS system that even uses finger. It was/is a service that came
>> from the UNIX based code that was ported to OpenVMS as UCX.
>>
> 
> That's not the point. The point is that the code should never have
> passed peer review.

Nobody should expect code review to find all problems.

Just like static code analysis, unit tests, real tests etc.
do not find all problems either.

But when combined they find a large portion of bugs.

Still some get through.

Which is why a vulnerability reporting mechanism and
an effective patch delivery mechanism are needed.

Arne



