[Info-vax] Security, support and VMS, was: Re: A new VMS?

[Phillip Helbig undress to reply]

In article <s6p8bg$d6m$1 at dont-email.me>, Simon Clubley
<clubley at remove_me.eisner.decus.org-Earth.UFP> writes: 

> Huh ??? The majority of VMS users don't care about keeping their
> systems up to date and fully patched ???
> 
> I am having a hard time believing that...

Do you have some numbers?

Keep in mind that some customers can only rarely reboot, and some 
patches require a reboot.  Maybe the system is on a private network and 
security is just not an issue.  I don't sleep in a suit of armour to 
slightly increase my chances of survival should armed robbers break 
into my home.

> This isn't 20 years ago and anyone who acts like it is will find
> this out sooner or later.

If later is long after the machines have been retired, then not patching 
was the correct decision.

> Please tell me David is very wrong about this and that most VMS sites
> do consider themselves to be just as vulnerable as everyone else
> and take all the usual precautions as a result.

My guess is that most sites won't disclose the information.

> If he is right about this, just think about what will happen when
> one of the security researchers decide to probe x86-64 VMS. Much of
> what they find, and they _will_ find vulnerabilities, will apply to
> earlier architectures as well.

If x86-64 VMS becomes widespread enough that the black hats develop an 
interest in it, then we can celebrate.