[Info-vax] VSI OpenVMS Hobbyist Program Announced.

Dave Froble davef at tsoft-inc.com
Sat Jul 13 00:30:04 EDT 2019 

On 6/19/2019 8:38 PM, Arne Vajhøj wrote:
> On 6/19/2019 8:11 PM, Dave Froble wrote:
>> On 6/19/2019 7:44 PM, Arne Vajhøj wrote:
>>> On 6/19/2019 12:15 PM, Dave Froble wrote:
>>>> On 6/19/2019 8:28 AM, Simon Clubley wrote:
>>>>> On 2019-06-18, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>>>>> If you try look at how application servers access database servers,
>>>>>> then you will find that unencrypted is still very common.
>>>>>>
>>>>>
>>>>> Are you sure ?
>>>>>
>>>>> What is the point of going to the effort of encrypting data at rest if
>>>>> you are then going to let it fly around unencrypted within a machine
>>>>> room's network ?
>>>>>
>>>>> Why do you trust the machine room network more than the rest of the
>>>>> organisation's network ?
>>>>>
>>>>> IOW, is trusting the machine room's network more than the rest of the
>>>>> network giving people a sense of false security ? One single
>>>>> compromise
>>>>> of a machine on that network and _everything_ on that network is
>>>>> potentially compromised.
>>>>
>>>> Your worship of security just may not be universally practiced?  Don't
>>>> blame me, I think it's important.  But I know there are those who may
>>>> not feel so strongly.
>>>
>>> Almost everybody considers security very important.
>>
>> "Almost" ???
>>
>> On a scale of 0-100, where does "almost" fall?
>
> My guess 95+%.
>
>> Consider not making unsupported statements or guesses.
>
> Only saying what can be proven would reduce the debate
> quite a bit.
>
>>> But there are different approaches to security.
>>
>> I'm out here in the real world, and my experience is that "most"
>> customers do not want to talk about "security".  Just what I see.  You
>> want my opinion, they are wrong.  But remember the two rules about
>> customers.
>
> I don't know your customers.

Sometimes I wish I didn't either ...

> But I would be very surprised if they don't care some about security.

Be surprised ...

> Do they have SYSTEM as password to SYSTEM?

Most never are on the VMS system.  Those that are are in captive 
accounts.  They definitely do not know about "SYSTEM".

> But their knowledge about modern security threats, their
> risk evaluation and their prioritization may do that they
> end up with what many will consider a low security level.

Well, a smart vendor only presents rather secure proposals to them.

:-)

-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list