It’s All About Integrity!
The IBM® z/OS® System Integrity Statement illustrates IBM’s dedication and commitment to fix any identified integrity exposures in the z/OS Operating System. This does not equate to the mainframe being impenetrable or immune to security vulnerabilities.
Key Resources’ signature product, z/Assure Vulnerability Analysis Product (VAP) performs mainframe security vulnerability scanning. It further protects the integrity of your mainframe by performing automated, binary scans of software residing in the IBM z/OS Operating System layer and z/OS to identify severe security code vulnerabilities.
Each identified severe security code vulnerability is capable of compromising the entire system and all of the data.
What is a Severe Security Code Vulnerability?
Each severe security code vulnerability identified by z/Assure VAP is roughly equivalent to an 8.4 out of 10 on the common vulnerability scoring system (CVSS), an open industry standard for identifying software vulnerabilities. Each unaddressed severe security code vulnerability on your mainframe poses a severe threat to your company and clients.
When Exploited, Severe Security Code Vulnerabilities
- Allow internal and external hackers to bypass the security controls put in place by z/OS and the installation to
- Elevate a user’s access privileges
- Turn off security and logging
- Denial of Service Attack
The Lifecycle of a Vulnerability
The lifecycle of a vulnerability on the mainframe is the same as it is on all software platforms.