× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2010

Re: Why i??? NEED YOUR INPUT

Lukas Beeler wrote:

<<SNIP>> IBM offers loads of security relevant PTFs, labeling each of those just as "Integrity Fix" - you don't know what
you're dealing with. Microsoft communicates security issues
much better.


Not every security\integrity PTF is so limited in its descriptive text, but I agree the lack of transparency is problematic. For example, for a security issue that existed with STRPASTHR, there was no indication that the problem involved *only* client passthru requests; except what one might infer from, if even there were, any superseded PTFs listed in the PTF cover letter. Having known that, for a system where STRPASTHR [and its API] were well controlled, the administrator might choose to delay application of the PTF until the next cumulative. However not knowing what interfaces are impacted by the APAR\PTF, there is little choice but to schedule the application of the PTF at the soonest available maintenance window.

There would be little harm in IBM providing some detail about what interfaces are affected, even if not specifically giving the details about how the origin; i.e. as in the above STRPASTHR example, where we now know that there was a problem with STRPASTHR, but no idea how to undermine security\integrity by using that feature. The obvious benefit being the ability to make a somewhat informed decision about when to apply the PTF.

Regards, Chuck

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.