[Info-vax] Next release of OpenVMS x86

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Jul 10 08:54:39 EDT 2020 

On 2020-07-10, IanD <iloveopenvms at gmail.com> wrote:
> I never remember digital engineers being as open and as Frank as the VSI ones
>
> I'm very well aware there is VSI management who are putting their spin on things, I also don't like the fact that they publicly stated VMS security as being the best, I think it is foolish. A statement that they were not relying on VMS's solid track record in regards to security would have been better in my view
>
> Defcon 16 was some ago and the exploit mentioned did involve the TCP bolt
> on that VMS become all too known for but it was an exploit nevertheless and
> the bad guys don't care what method they use to get in, an exploit is an
> exploit
>

Actually, the one of the core problems was in the underlying SMG$ library.

Likewise, back when I was looking for a vulnerability I deliberately ignored
all the add-on stuff like the TCP/IP stack and focused on the native VMS
side of things. That way, any vulnerability couldn't be mentally dismissed
as "not really a VMS problem".

> Let's not sink the VMS ship before it's had time to sail but I do agree
> with you, it was silly to promote it's security virtues when it's been many
> years since it's come under a modern microscope analysis in regards to
> attacks and exploits
>

The main problem is that it paints a huge target on the backs of the VMS
community, especially if a researcher goes "OH, REALLY ???!!!" when seeing
the language where VSI claims, wrongly, that VMS is the most secure operating
system on the planet.

> Let VSI get on their feet first with the x86 port, I highly doubt most of
> the world is sitting waiting for VMS to appear in x86 just so they can
> attack it, I would have thought anyone with an interest in attacking the
> platform would have done so by now anyhow

Up until now, VMS has run on specialist hardware. For the first time ever,
it is now going to run on some of the same hardware as many other operating
systems which get probed these days do.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.

More information about the Info-vax mailing list