[Info-vax] WHY IS VSI REQUIRING A HYPERVISOR FOR X86 OPENVMS?

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Jan 12 08:42:38 EST 2021


On 2021-01-11, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2021-01-11 19:16:05 +0000, Dave Froble said:
>
>> Just because you found a flaw, in no way means that there are other flaws.
>
> There are other flaws, David.
>

And until VMS gets the same level of probing as other operating systems,
we don't know how many are just waiting to be found.

And that's the problem David, we just don't know how good or bad VMS
is because it's not being held to the same standards as other operating
systems.

I keep quoting the issues I came up with because it's a really good
example of that. People used to say that DCL was more secure than
"that Unix stuff" because they allowed themselves to believe that
the absence of any probing meant the same thing as DCL being secure.

Then I decided to invest some time in probing DCL and then promptly
discovered it had been wide open on VAX and Alpha for 33 years.

I am not a professional security researcher and yet I found that.

What happens when the professional security researchers get interested
in probing VMS ? What other issues are _they_ going to find if I can
find something like that ?

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.



More information about the Info-vax mailing list