Re: New 6.1 security group ptf. -- SECURITY400

John Jones wrote:

There may also be shops that have internal controls, procedures,
and/or audit requirements that allow security updates but not
necessarily any other updates without rigorous review & testing.
Having a separate security group lets them get those updates
without scouring all PTF cover letters looking for just
security-related events.

FWiW. The security\integrity PTFs [for LIC, OS, and LPPs] had already been included with the HIPer designation and each identified with variant(s) of the "security" and "integrity" terms capable of being found with a simple token search; i.e. no poring over cover letters required to locate them. Issues which either effect data errors per designation of "incorrect output" or defects which may result in system failure, in many cases would be much more important to include in the list of updates being installed [in consideration of the cover letter text, for how the described situation might be applicable], than those of a security nature [for which no description of what either the defect or its correction is published for which just as rigorous testing would be justified but without full ability to review].

Regards, Chuck

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.