Still don’t understand why (or don’t believe) the security of apps that interface with old mainframe applications is none or just security by obscurity?
Here’s the level of understanding of networks of the average mainframe guy:
There’s a huge knowledge gap between mainframe and network/distributed systems guys. The mainframe guys don’t even understand the threat models from our systems (most of them don’t understand anyone can connect to an open port on an IP host, for example), and we don’t understand how things work inside big iron. I’ve been talking about this for years, it’s a recipe for disaster.
I wonder when we’ll see the first malware capable of probing those systems.