IBM Security for Z

Expanded PCI DSS Coverage with IBM Z Security and Compliance Center with Security Integrity Patch goals

By Pradeep Parameshwaran posted Mon November 18, 2024 08:33 AM

In an ever-changing landscape of cyber-attack patterns, software security patches serve as armour so that known vulnerabilities cannot be easily exploited. Security patches close the gaps that unauthorised actors could otherwise use to compromise an infrastructure. According to various reports, up to 85% of data breaches were caused by human error, frequently in the form of unpatched vulnerabilities in enterprise systems. According to recent IBM Security data, 74% of cyberattacks target vulnerabilities for which patches were available at least a month before the attack. These findings highlight the important relationship between timely patching and successful malware defense.

Ever-changing regulatory compliance mandates likewise focus on developing and maintaining secure systems and applications by ensuring the timely installation of security patches. PCI DSS (Payment Card Industry Data Security Standard) has strict requirements for securely patching the cardholder data environment. PCI DSS Requirement 6 emphasises:

“All critical systems must have the most recently released software patches to prevent exploitation. Entities should apply patches to less-critical systems as soon as possible, based on a risk-based vulnerability management program. Secure coding practices for developing applications, change control procedures and other secure software development practices should always be followed.”

Security and integrity information for z/OS and its products is provided by the IBM Z Security Portal. Incorporating the use of the IBM Z Security Portal in your security management processes will help ensure that system maintainers, security response teams, and auditors are up to date with the latest IBM security service and recommendations that can help ensure platform security.

Security and integrity APARs and associated fixes are posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk. No additional information is available from IBM Support.

SMP/E HOLDDATA on the IBM Z Security Portal summarizes all security and integrity APARs for each version, release, and modification (VRM) level of z/OS products.

With IBM Z Security and Compliance Center, clients can run compliance checks for outstanding security and integrity patches via the newly implemented Security Patch specific goals. Each goal is tailored to a specific compliance check, focusing on conditions such as missing critical updates (based on CVSS score) and overdue security fixes that have been available for a long time but remain unapplied.
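As an added illustration of the two kinds of check these goals describe (this is example code written for this post, not zSCC's own logic or output format), the following evaluates a constructed list of security/integrity APAR records, of the kind SMP/E HOLDDATA summarizes, against a CVSS severity threshold and a maximum age for unapplied fixes. The APAR identifiers, scores, dates, and the 30-day threshold are all assumptions chosen for the example.

```python
from datetime import date

# Constructed sample records standing in for the security/integrity APAR
# entries that SMP/E HOLDDATA summarizes per VRM level. Identifiers, CVSS
# scores and dates are hypothetical placeholders, not real APARs.
SAMPLE_APARS = [
    {"apar": "OA-EXAMPLE-1", "cvss": 9.8, "available": date(2024, 8, 1),   "applied": False},
    {"apar": "OA-EXAMPLE-2", "cvss": 5.3, "available": date(2024, 11, 10), "applied": False},
    {"apar": "OA-EXAMPLE-3", "cvss": 7.5, "available": date(2024, 9, 15),  "applied": True},
    {"apar": "OA-EXAMPLE-4", "cvss": 4.0, "available": date(2024, 6, 1),   "applied": False},
]

SEVERITY_ORDER = ["low", "medium", "high", "critical"]


def severity(cvss):
    """Map a CVSS v3 base score to its qualitative rating band."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def evaluate(apars, as_of, min_severity="critical", max_age_days=30):
    """Evaluate two patch goals over unapplied APARs as of a given date.

    goal 1 (missing critical updates): unapplied fixes rated at or above
           min_severity.
    goal 2 (overdue fixes): unapplied fixes available longer than
           max_age_days (30 days is an assumed threshold for this example).
    """
    missing, overdue = [], []
    for a in apars:
        if a["applied"]:
            continue  # applied fixes satisfy both goals
        rating = severity(a["cvss"])
        age_days = (as_of - a["available"]).days
        if SEVERITY_ORDER.index(rating) >= SEVERITY_ORDER.index(min_severity):
            missing.append(a["apar"])
        if age_days > max_age_days:
            overdue.append((a["apar"], age_days))
    return {
        "missing_critical": missing,
        "overdue": overdue,
        "compliant": not missing and not overdue,
    }
```

Running `evaluate(SAMPLE_APARS, date(2024, 11, 18))` flags OA-EXAMPLE-1 under both goals and OA-EXAMPLE-4 as overdue only, so the profile result is non-compliant.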

As shown in the screenshot below, the goals are incorporated into the PCI DSS v3.2.1 and PCI DSS 4.0 predefined profiles for z/OS, and detailed scan reports can be obtained.

With the zSCC v1.2.1.0 release, IBM released the Security Patch goals support referenced above, secure LDAP connection support for user management, and various UI and FFDC enhancements.

Learn more about new enhancements and zSCC here.
