[Info-vax] VMS and security
jimc...@gmail.com
jimcausey at gmail.com
Tue Nov 8 19:28:12 EST 2022
On Thursday, November 3, 2022 at 6:42:30 AM UTC-7, Simon Clubley wrote:
> Unfortunately, the idea of VMS security somehow being comparable to
> today's expected security standards is utterly delusional.
>
> Even Linux is _far_ in advance of what VMS offers.
>
> For example, Linux has mandatory access controls and VMS is still stuck
> back in the DAC world.
>
> There's no ASLR/KASLR support on VMS.
>
> There's nothing like the Unix chroot jails on VMS.
>
> Compiler protections in generated code has been lacking on VMS compared
> to what is available elsewhere, but John in recent years has started
> looking at getting comparable protections in the VMS compilers, when it
> comes to generating code, that currently exist elsewhere.
Does VSI have a security program roadmap? I would have hoped that the x64 port would include table-stakes features like ASLR; if the product wants to compete with Linux and Windows, it will also need to have transparency on progress @ modernization features, compiler practices, and responsible security reporting -- at a minimum
More information about the Info-vax
mailing list