Ready for more DevOpsDays?

DevOpsDays DC will return June 8-9, 2016.

Pipelining SCAP

Facilitator:

Scribe:

• SCAP encompass multiple standards. OVAL is the one for testing. (Open Vulnerability and Assessment Language)

• The standards were born out of configuraiton management and thus require testing against deployed software

• Ideally tests should be run against a full-scale system -- existing integration and/or acceptance testing frameworks are the natrual fit

• Most compliance frameworks mandate (or will soon mandate) testing of production systems

• Secure configuration is not a replacement for secure software

• Compliance requires the use of certified tools.

• The LGPL licensed OpenSCAP 1.0.x is certified, and 1.2.x is in in the process of certification
• Certified tools are also available from commercial vendors