Jim Franz wrote:

So what (from IBM & other major software vendors)
requires PASE?
Websphere server?
What else?

Jim:

I (a) don't know and (b) don't know if it matters.

AFAIK, TCP/IP itself runs in PASE. (I.e., in the foundation that 5722SS1 option 33 provides an interface for.) Who knows? I'm not specifically aware of anything but would be interested in knowing.

Regardless, I actually believe that that's an element of Joe's passion. He expects a significant degree of openness from IBM on issues of security and regularly pushes for it by demanding evidence.

If such vulnerabilities exist and they're simply kept quiet, a degree of risk keeps rising. The argument against 'security by obscurity' is refuted many times over. Joe demands evidence because (IMO) he intends to force any such vulnerabilities to be _fixed_ pronto.

If we don't know, if all we know is "Stuff has happened", then it's impossible to know if you're properly protecting yourself.

If nothing else, from that standpoint Joe is right to push and keep pushing. At the very least, he continually hammers out the message that we have the best available. And when a vulnerability becomes known, he'll be at the front of the line to demand its closure.

...assuming anything is known.

Tom Liotta


This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].