In The Spotlight
The days when we could feel confident that IBM i had no security vulnerabilities are very much over. A peek at the Common Vulnerabilities and Exposures (CVE) registry list proves it.
By Pauline Brazil Ayala
For security admins on Windows and Linux platforms, the Common Vulnerabilities and Exposures (CVE) registry has been common knowledge for a long time. But to IBM i admins, it may be a little less well known. When I worked in a multi-platform security team, we bragged that there were never any IBM i security vulnerabilities. Windows and Linux were riddled with them, but IBM i? Nope, never. We held our heads high with pride. However, in recent years, a few things have changed in the IBM i CVE landscape. One is that the platform has been getting more attention from folks trying to penetrate the system, whether they be bad actors or penetration testers. Another is that a lot of open-source, third-party software has been introduced to the system, allowing for innovation. This article aims to shed a little light on what CVEs are and how they can be used to your security advantage.