Secure Coding mailing list archives

Mainframe Security


From: shuffle3 at insightbb.com (Edward N Schofield)
Date: Fri, 02 Nov 2007 01:44:15 -0500

When all else fails, you need to answer four questions:
1) Is it authorized by the management that answers for the results of 
processing?
2) How do you know if the processing and resulting data are complete?
3) How do you know the results of processing are accurate?
4) Can the results of transaction processing be traced throughout any 
part of the application process without omitting or diluting the 
answers to the previous 3 questions?
I have to attribute my answer to Mr. Hugh Hardie of Mississauga, 
Ontario, CA, who made an inspired presentation to the Illini Chapter of 
ISACA very many years ago. I wish that his hunger to inspire others to 
pursue risks in their IS environment continues.
Ed

McGovern, James F (HTSC, IT) wrote:
 I was thinking that there is an opportunity for us otherwise lazy
enterprisey types to do our part in order to promote secure coding in an
open source way. Small vendors tend to be filled with lots of folks that
know C, Java and .NET but may not have anyone who knows COBOL.
Minimally, they probably won't have access to a mainframe or a large
code base. 

Being an individual who is savage about being open and participating in
a community, I would like to figure out why my particular call to action
is. What questions should I be asking myself regarding our mainframe,
how to exploit, etc so that I can make this type of knowledge open
source such that all the static analysis tools can start to incorporate?




_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________


  

