:...I'd like to know where I can get information about VMS security failures.
Please see the _OpenVMS Guide to System Security_ manual, part of the
OpenVMS documentation set, for information on OpenVMS system security.
As for discussions of specific security failures, these are generally
not discussed publicly -- regardless of the operating system and vendor.
Sites that have experienced security problems or security-related losses
are understandibly reluctant to discuss them. (There have been various
books on this topic -- the Cuckoo's Egg, by Clifford Stoll, is one.)
:Is VMS totally secure ?
Engineers will generally not provide "absolutes" as answers to open-ended
OpenVMS holds NCSC Class C2 and (with SEVMS) Class B1 security evaluations.
For what an NCSC security evaluation indicates, check with the NCSC folks.
A properly-configured OpenVMS system is quite secure -- OpenVMS engineering
takes system security and any security problem reports very seriously.
:I'm not a hacker ! Only a curious guy !
This can be difficult to differentiate remotely. Particularly when asking
this question in this forum in this fashion. (No offense is intended.)
Please send any reports of problems directly to DIGITAL -- while most folks
following this newsgroup are upstanding and honest individuals and should
be notified of security holes quickly, there are a few nefarious folks that
following this and other newsgroups that will (mis)use any security reports.
Making direct reports to DIGITAL means that OpenVMS engineering can assess
and react to the security problem, before the problem (potentially) becomes
widespread among many customers...
-------------------------- pure personal opinion ---------------------------
note to those folks not contributing spam -- there is no ZZ in my address