|
|
|
Next, you should obtain the source code for each exit. You probably cannot obtain source code for exits supplied by software vendors because they usually consider their source code proprietary information. Many audit and security experts recommend that you accept vendor software on “faith” if it is part of a generally distributed release to the product’s customer base. However, you should insist on reviewing the source code for any locally‑written exits.
Once you have the source code, review it. If you do not read assembler language, you must request a systems programmer to perform a “peer review.” Determine the function of each exit and whether it is really necessary.
You can use the Program Freezer (5.5) to monitor changes to exits in various libraries. You can make a copy of the exits if you like with the ISPF/PDF Copy function. Then you can use the Program Freezer again during the next review to see if anything changed. If it did, you can use the Program Comparison Display (5.3) with the old and new copies and see what was changed. See the System Review Checklist for more information.
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |