[SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.
Jacobsen, Jasen W.
jasenj1 at mitre.org
Wed Jul 24 05:57:01 PDT 2013
At this year's Developer Days Workshop I presented a briefing to the OVAL developer community proposing an addition to OVAL that would allow querying of the OS X package receipt database as exposed by "pkgutil --pkg-info". During the briefing, I raised the issue – and it was confirmed by the Apple representatives attending – that while, the package receipt database provides historical data of what the Installer did, it does not necessarily represent current system state. E.g an application may have been installed at one time, but the user may have thrown it in the trash and deleted it; the receipt database would not reflect that change. The consensus from the attendees was that it would be preferable for OVAL to have a way to report accurate current system state rather than historical data that may not represent current system state. And until such an accurate reporting feature is available, it would be best to avoid adding a feature that exposes the package receipt database – thus perhaps leading OVAL content authors to write content that would return unreliable results.
Based on that guidance, I look forward to working with the SCAP on Apple community to develop OVAL features to provide system auditing capabilities that comply with OS X best practices.
Thanks to all who participated in the discussion leading up to the presentation. The insight you provided helped guide the OVAL developer community to make an informed decision.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the SCAP-On-Apple