Yesterday, three HP 3000 Security Bulletins were posted to comp.sys.hp.mpe.
These bulletins were taken from the HP SupportLine (HPSL) Security Bulletin
service.  This is the first time we've used the HPSL Security Bulletin service
to notify HP 3000 customers about security vulnerabilities.  From now on,
the HPSL Security Bulletin service will be the primary mechanism CSY uses to
inform its HP 3000 customers about security problems.  This service is free to
anyone who has purchased an HP 3000 or an HP 9000 system.  The Security
Bulletin service is basically an electronic mailing list that HP has been
using to inform its HP 9000 customers about security vulnerabilities and
corrective counter-measures.
 
As the first follow-up to this article, I've posted a public announcement
entitled, "Hewlett-Packard Announces Security Bulletin Service for HP 3000
Customers."  This article explains a little more about the Security Bulletin
service and how to subscribe to the mailing list.  We also included a
description of the Security Bulletin service with every shipment of the
General Release of MPE/iX 5.0 (the "5.0 Push" release).
 
We are currently investigating two enhancements that will help us better
serve our HP 3000 customers.  First, we are looking at extending the
HPSL Security Bulletin service to include a mechanism for delivering
Security Bulletins via FAX.  This will help us reach HP 3000 customers who
have a difficult time accessing the Internet.  Second, we are trying to
define an electronic patch delivery mechanism for HP 3000 customers to
replace the current tape methodology.
 
Hopefully, both of these changes will be in place before we have to do our
next security problem notification.
 
Mike Paivinen
[log in to unmask]
 
Hewlett-Packard
CSY - Mailstop 47UP
19447 Pruneridge Avenue
Cupertino, CA   95014