IBM Z Hardware and Operating Systems Ideas Portal
Hide about this portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Future consideration
Workspace z/OS
Categories SMP/E
Created by Guest
Created on Oct 1, 2024

RELATED IDEAS

Easier/quicker way to report CVE related PTF’s being applied to systems.

Goal: be able to quickly respond and prove to audits and adhoc management requests for ensuring CVE related z/OS fixes are applied in a timely manner.

 

Description/Why/How:

Currently, CVE information for z/OS and z related products are provided file by file on Resource Link. This method causes a user to manually go surf through all known (or unknown) z related files to check update dates (yes, we realize notification of change exists) and gather new information about CVE related fixes, then must go back to z to SMPE check those fixes to see if they’re applied. It would be much easier and less time consuming to have a single file with all z related products that are SMPE managed in one place (one file) for a user to check, or automation to download to a z LPAR, to SMPE check against.

 

Assumptions:

We feel this can be achieved with a new FIXCAT, or an additional HOLDDATA section, similar to how PE is handled now. Ideally, the deliverable would SMPE digestible, so that when we have a request to prove we have CVE fixes applied, we can run a RPTMISSINGFIX or an SMPE LIST NOAPPLY to figure out results that we need, quickly, and with little effort. We are currently using the secure portal to deliver SECINT ASGN and HOLDDATA, and feel that this process can also work for CVE related maintenance, considering we already have to obtain an ID and PW from IBM to use it. Our goal is to provide a quick YES/NO to ‘are your CVE fixes applied’.

 

 

Requests options:

  1. Provide a ‘quick and dirty’ z related file on Resource Link that’s downloadable, in a format we can FTP to z to run against. This file would have all SMPE installed/fix delivered z related FMIDs/Products in one place, calling out specific APARS/PTFs for relation with a CVE.

 

Or

 

 2. Provide SMPE digestible file that includes either FIXCAT or HOLDDATA marking a specific PTF to be a CVE fix. There are ways to protect what CVE fix it relates to, and that can be figured out in a further discussion. This file could be obtained in a similar manner to SECINT processing that’s running today. This would alleviate all extra work around getting a websever file to z, running automation against it to then compare the SMPE data. This would provide the ability of using SMPE tooling that already exists today.

Idea priority High

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.