[Info-vax] DCL vulnerability write up on The Register
terry-groups at glaver.org
terry-groups at glaver.org
Tue Feb 6 23:52:15 EST 2018
On Tuesday, February 6, 2018 at 10:27:04 PM UTC-5, IanD wrote:
> The exploit was there for what, 30 years?
> Could not the security exploit release have have waited for another 6-8 months more (1.6% of the time it existed for!) until VSI rolled out x86 and given people a positive pathway forward?
The December 2017 VSI Roadmap lists the first production release of VMS on x86 as 2020 (quarter unspecified), and even the general early adopters kit isn't until 2019 (likewise, quarter unspecified). If the schedule changes, it will likely be in the direction of longer than shorter - when has a major software project taken less time than expected? So it is likely a good while longer than 6-8 months, even assuming that customers could port over instantly, which isn't realistic in most cases.
On the other hand, having some readily-available information on the VSI homepage about how existing HP VMS customers can easily migrate to VSI VMS (and the benefits of doing so), along with pricing (even DEC / Compaq / HP published list prices, albeit in an incomprehensible number of irrelevant variants) might encourage more existing Alpha / Itanium users to switch.
Further, while VSI said they aren't allowed to provide patches for HP VMS, they could probably say something like "A patch kit is available for VSI customers with active support. For other customers, a mitigation strategy is... (insert known workarounds here)".
Looking at the VSI web site, it seems to lack a good answer to "what's in it for me?" for switching to VSI VMS + support on their existing systems.
More information about the Info-vax
mailing list