From: Glenn C. Everhart [Everhart@GCE.com]
Sent: Saturday, June 10, 2000 7:13 PM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: VMS Security features

David Andreas Alderud wrote:
>
> Hello, I'm interested in hearing about design features that make VMS secure.
> I'm an OpenBSD and FreeBSD user and I'm really interested in the inner
> workings of OSs.
> I've heard people say that VMS has awesome security, but I can't find any
> scientific papers on it. Some said that VMS doesn't have the usual stack and
> suid problems of UNIX, so how does the stack and superuser thing work?
> Any pointers to scientific reports are most welcome.
>
> -Thanks

You might try the Guide to VMS Security.

One thing that enhances its security is lack of an all-powerful root. Everything is governed by ACLs or userid protection. It goes far deeper.

The main thing, though, which won't appear in scientific articles, is that VMS is produced in an engineering culture in which security problems and data corruption problems are anathema, treated as showstoppers, and looked for constantly. For example, when commands to change tape skipping behavior to speed up some SCSI tape drives were discussed, security implications were a prominent part of the design discussion. They had to be, and were, addressed.

VMS engineering does a LOT of mutual design and code cross checking, so that the VMS product is the result of over 100 very sharp people constantly vetting the code for data integrity and security. (I suspect this is a rather larger group than works on OpenBSD.) Code gets redone and reworked as needed (so that the V1 VMS system that Dave Cutler contributed to, for example, bears only very modest resemblance to the V7.3 product being worked on today.)

THAT is why the system runs as it does.

There may be software companies that cannot produce carefully done quality software. VMS Engineering is not such a place.

Glenn Everhart