One thing to remember is that the study was authored by someone who sells solutions that address the issues raised. Is it any surprise that their study finds that people with System i's need their software to fix the issue raised?
While it is true that PowerTech sells solutions to _some_ of the problems that were outlined in the study, it would be a mistake to conclude that this study only looks at problems that our software corrects. For example, the study found that 41% of shops are still at QSECURITY level 30 and below. This is significant from a security perspective, but PowerTech doesn't sell a product that will migrate your machine to level 40. The same is true for the 12% of user ID's that carry default passwords, and the 25% of systems that haven't turned on the security audit journal (QAUDJRN). PowerTech doesn't sell software solutions to these problems. You are going to have to fix them with the tools provided in OS/400. It is also worth noting that we believe in the data in this study - and we have made real investments based on those beliefs. For example, the first study (2004) demonstrated that there was a very real problem with how users with *ALLOBJ and other powerful authorities were not being managed (and the 2006 study shows that out of an average of 749 users, an average of 60 still have *ALLOBJ authority). So we took an internal tool (Authority Broker) that manages and monitors powerful users and released it as a product in 2005. The product has been accepted by the iSeries community because (as the study data shows) the problem it addresses is widespread. Should you be surprised that we have solutions to some of the problems that the study points out? No. We have been paying very close attention to the needs of the iSeries security market and in doing so have positioned ourselves to exercise leadership in this space. Does the study underscore what PowerTech has been saying about security for 10 years? Yes - our message has been very consistent. And remember, the study doesn't indicate that there is a problem with the underlying architecture of OS/400 security, it just says that system admins (including a lot of us on this list) could do a better job of managing the security on our favorite box. And it has said that for three years running now. jte -- John Earl | Chief Technology Officer The PowerTech Group 19426 68th Ave. S Seattle, WA 98032 (253) 872-7788 ext. 302 john.earl@xxxxxxxxxxxxx www.powertech.com Celebrating our 10th Anniversary Year! This email message and any attachments are intended only for the use of the intended recipients and may contain information that is privileged and confidential. If you are not the intended recipient, any dissemination, distribution, or copying is strictly prohibited. If you received this email message in error, please immediately notify the sender by replying to this email message, or by telephone, and delete the message from your email system. --