I think that is a great idea. It also shows us why there is a finding as opposed to us accepting a statement at face value.
Paul M. Whitney E-mail: [email protected] Cell: 410.493.9448
When OVAL testing, should we show *how* we tested the OVAL? For example:
https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-September/004023.html
IMO this helps by:
- Allowing the community to remind of us niche test cases, such as the
"Match" in sshd pointed out by Rui Bernardino
- Documenting test cases, which someday should (will?) make their way
into automated test cases
I found the overhead of copy/pasting what I was doing to be incredibly
minimal.
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
