Someone has raised the point about the publication & response
by IBM to security exposures. I have often wondered why the notification
services like CERT never report AS/400 problems. They certainly do report
HTTP, Java, WebSphere, SQL and other problems, all of which OS/400 works
with. But the reports are always about WinXX, Linux, Unix, NT, Sun, and a few
others. (Actually I do know why - most of the universe doesn't know or
understand what an AS/400 is). BTW, CERT is a good place to get free info on
security exposures, and a free e-mail alert service. Our government at work.
CERT® Coordination Center
----------------------------------
When we first told IBM about our findings, their response
was something like this (I can't remember the exact words - because it was
always verbal):
If you go public with this we will cut you off (we are a
business partner of IBM).
We will bury you. We will make sure you go out of business.
Don't rock the boat.
----------------------------------------
How is that for irresponsibility???