Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Mainframe Security

From: ljknews at mac.com (ljknews)
Date: Thu, 1 Nov 2007 22:52:58 -0400
At 9:16 PM +0100 11/1/07, Johan Peeters wrote:

I think this could do a great service to the community.

Recently I was hired by a major financial institution as a lead
developer. They said they needed me for some Java applications, but it
turns out that the majority of code is in COBOL. As I have never
before been anywhere near COBOL, this comes as a culture shock. I was
surprised at the paucity of readily available information on COBOL
vulnerabilities, yet my gut feeling is that there are plenty of
security problems lurking there. Since so much of the financial
services industry is powered by COBOL, I would have thought that
someone would have done a thorough study of COBOL's security posture.
I certainly have not found one. Anyone else?


Can anyone point to stories about Cobol exploits ?

I mean exploits that have to do with the nature of the language, not
social engineering attacks that happened to take place against a Cobol
shop.

My limited exposure to Cobol makes me think it is as unlikely to have
a buffer overflow as PL/I or Ada.
-- 
Larry Kilgallen
Previous By Date Next
Previous By Thread Next

Current thread: