-
Fortra Issues 20th State of IBM i Security Report
May 24, 2023 Alex Woodie
IBM is celebrating 35 years of its midrange platform next month, and there is no doubt it will be an exciting moment for the IBM i community. But there’s another occasion you might not be aware of: the 20th annual State of IBM i Security Study, which was issued last month by Fortra (formerly HelpSystems).
Back in 2004, the security experts at PowerTech took it upon themselves to analyze the configurations of customers’ actual iSeries and AS/400 servers (there were still AS/400s around) and write a report sharing what they found. As you might imagine, the state of security, as …
Read more -
Top Five Failures In State of IBM i Security For 2022
April 18, 2022 Alex Woodie
HelpSystems last week officially unveiled its annual State of IBM i Security report, the 18th straight year for the series. Like with past reports, the 2022 version highlights some of the continuing challenges that IBM i customers face when trying to secure their systems. A few key areas stand out above the rest.
The IBM i server is a bit of an enigma when it comes to security. While it is widely perceived to be one of the most secure computing platforms on the planet – and “virus-proof” to boot – the reality is that a good number of IBM …
Read more -
State Of IBM i Security: Seven Areas That Demand Attention
April 24, 2017 Alex Woodie
The latest installment of the annual State of IBM i Security was released last week by HelpSystems, and the results were about what you would expect: most IBM i servers are basically wide open for abuse.
In a webinar last week, HelpSystems director of security technologies Robin Tatam discussed the findings of the report, which was based on security assessments conducted on 332 systems during 2016. He broke the findings down into seven core areas that should be addressed, including system security levels; administrative privileges; passwords and user profiles; data and program permissions; network access and exit programs; audit trails; …
Read more -
State of IBM i Security? Still Horrible, After All These Years
May 18, 2015 Alex Woodie
… Read moreWhen you talk to IBM about the IBM i-on-Power platform, the word “security” is used extensively, and appears frequently next to other power words like “reliability” and “availability.” But when you talk to the security software vendor PowerTech about the state of IBM i security, you might be surprised to hear words like “wide open” and “breach fatigue.” Then again, if you have been an IT Jungle reader for very long, you may not.
Last month, PowerTech released its 12th annual State of IBM i Security Study. The 25-page report, which you can download from the company’s website,
-
State Of IBM i Security? Dismal As Usual, PowerTech Says
May 19, 2014 Alex Woodie
… Read moreOrganizations are taking unnecessary risks by neglecting to properly secure their IBM i environments, according to PowerTech‘s 2014 State of IBM i Security report, which it released last week. While PowerTech spotted all kinds of security shortcomings–ranging from too many powerful profiles to using lax security levels–the most glaring problem may have to do with poor password management.
Bad password hygiene leaves IBM i shops open to external hackers and internal threats, PowerTech says. You are not going to find Heartbleed-level password problems, where billions of once-trusted passwords instantly became vulnerable overnight. But considering the level of fine-tuning that’s
-
State Of IBM i Security Remains Poor, PowerTech Says
May 21, 2012 Alex Woodie
… Read moreIBM i shops are still failing to enact basic security safeguards to prevent unauthorized access of the data in their systems, according to PowerTech, which issued its annual State of IBM i Security report this month. Even when it comes to basic security concepts, like changing default passwords, minimizing user permissions, and monitoring exit points, the average IBM i shop fails spectacularly. The upshot is that most shops are gambling with their data, with a heavy bet placed on “security through obscurity.”
If it was a video conference, PowerTech director of security technologies Robin Tatam would have been seen
-
IBM i Shops “Attacking” Security Concerns, Study Shows
July 8, 2025 Alex Woodie
Faced with ever-growing security concerns, IBM i shops are “attacking” the problem and taking real steps to improve their security posture, Fortra’s says in its latest State of IBM i Security study. It is the second straight year that Fortra has noticed an improvement in IBM i shops’ approach to security. However, there are still areas that require improvement.
Fortra and its predecessors (HelpSystems, PowerTech) have been running the annual State of Security study for 22 years, providing a unique glimpse into the security configurations of IBM i customers that is unmatched in the industry.
Every year, a new group …
Read more -
IBM i PTF Guide, Volume 27, Number 26
July 8, 2025 Doug Bidwell
Brace yourself because the IBM i platform has five security vulnerabilities that you have to analyze and cope with in this week’s issue of the IBM i PTF Guide.
Let’s just jump right in and get to it.
First, we have Security Bulletin: IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038), about which you can find out more at this link. The affected software is IBM WebSphere Application Server 8.5 and 9.0.
Second, there is Security Bulletin: IBM i is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in …
Read more -
IBM i PTF Guide, Volume 27, Numbers 21 And 22
June 2, 2025 Doug Bidwell
It is once again “ketchup week” here at The Four Hundred thanks to the Memorial Day holiday last week in the United States, and that means you get two IBM i PTF Guides for the price of one this week.
So let’s start with Volume 27 Number 21 dated May 24. There is a whole bunch of stuff to deal with.
First, there is a flash alert: IBM i HTTP Server Validation List Authentication Suddenly Fails After IBM i HTTP Group PTF Apply. You can find out more about this here. IBM says: “If you have applied one of …
Read more -
Another Non-TR “Technology Refresh” Happens With IBM i TR6
May 5, 2025 Timothy Prickett Morgan
As you know, Big Blue released IBM i 7.6 and IBM i 7.5 Technology Refresh 6 (TR6) on April 8, with the expectation that both would ship to customers on April 18. IBM i 7.6 was detailed in announcement letter AD25-0031 and IBM i 7.5 TR6 was revealed in announcement letter AD25-0077. We’re all good there. And many of the features in IBM i 7.6 were backcast as a refresh into IBM i 7.5 with TR6, if you read the announcement letters.
IBM i 7.6 was available on April 18 as expected, but we know a bunch of people …
Read more
