DC 2015 - Program


Ready for more DevOpsDays?

DevOpsDays DC will return June 8-9, 2016.

Pipelining SCAP



  • SCAP encompass multiple standards. OVAL is the one for testing. (Open Vulnerability and Assessment Language)

  • The standards were born out of configuraiton management and thus require testing against deployed software

  • Ideally tests should be run against a full-scale system -- existing integration and/or acceptance testing frameworks are the natrual fit
  • Most compliance frameworks mandate (or will soon mandate) testing of production systems

  • Secure configuration is not a replacement for secure software

  • Compliance requires the use of certified tools.

  • The LGPL licensed OpenSCAP 1.0.x is certified, and 1.2.x is in in the process of certification
  • Certified tools are also available from commercial vendors

Platinum & Venue Sponsor


Platinum Sponsors

Excella Consulting Sumo Logic Netuitive Ansible Chef CustomInk Delphix Red Hat Elastic VictorOps Fugue Sonatype FireEye

Gold Sponsors

InfoZen Comcast Circonus Opus Group, LLC BlackMesh PagerDuty govready

Silver Sponsors

Puppet Labs