IBM Sterling Ideas
formerly Watson Supply Chain
Submit new product ideas for IBM Sterling solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed. Order Management, Store Engagement, Watson Order Optimizer, Inventory Visibility, CPQ and Call Center are now part of Watson Supply Chain
Connect with IBM experts and your peers on the
Supply Chain Collaboration Community and the Order Management Interest Group
We have a requirement when obtaining software and need IBM to provide an answer around the following requirement:
We need to be able to test the source and integrity of the software being installed in the HSD environments. In my experience, this is the case for AIX and RHEL. I think RHEL uses gpg signatures, which are checked by the rpm install process (with the appropriate public keys in the local repository).
Could you tell us if Connect:Direct goes through the standard signature verification process?
For the Connect:Direct Secure Plus software, we’ll need to do some extra handling. All software that is used has to be approved by the Corporate Information Security validation process. We have an ingress that loosely is:
• SME for tool and/or agent obtains a digitally-signed agent from vendor
o Digital signature + checksum = Best
o Digital signature only = Nice
o Checksum only = Okay
How will this idea be used?
To validate authenticity of downloaded software, this is a new requirement for the bank.
|What is your industry?||Banking|
|What is the idea priority?||High|
|Link to original RFE|