|
| Contact Us | Downloads | News — August 14, 2008 | Search |
Compatibility Questionnaire: Red Hat, Inc (Red Hat Security Advisories)
General Capability Questions |
Accuracy Questions |
Documentation Questions |
Capability Specific Questions
Organizational InformationName of Your Organization:Red Hat, Inc
Web Site:Product Information Product/Service Name:Red Hat Security Advisories
Compatible Categories:OVAL Definition Producer
Product/Service Home Page:Product AccessibilityProvide a short description of how and where your capability is made available to your customers and the public (required):
OVAL definitions for Red Hat Enterprise Linux 3 and 4 errata are
available individually and as a complete archive, updated within
an hour of each new security advisory being made available on the
Red Hat Network. The URL is currently
http://people.redhat.com/mjc/oval/
Language Version IndicationDescribe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content. (required):
The FAQ explains the OVAL version. This will be available from http://www.redhat.com/security/transparent/oval/
Approach for Correction of ErrorsIndicate how a user who discovers an error in the capability's use of OVAL can report the error. (required):
Email to secalert@redhat.com
Describe the approach to responding to the above error reports and how applicable fixes will be applied. (required):
Definitions are automatically created. Any flaws in our creation scripts can be made and definitions repushed. If necessary we can cause all definitions to be regenerated (this will automatically increment the version of each definition)
Compatibility DocumentationProvide a copy, or directions to its location, of where the documentation describes OVAL, OVAL compatibility and/or OVAL-ID compatibility for your customers (required):
The FAQ explains OVAL compatibility. This will be available from http://www.redhat.com/security/transparent/oval/
Finding Elements Using OVALProvide details regarding how users can identify and find individual OVAL content (through OVAL-IDs) that is being consumed by the capability. For example, how can a user determine which definitions have been consumed and what the result of each definition is. (required):
Each OVAL-ID maps directly to a Red Hat Security Advisory. For example a Red Hat Security advisory RHSA-2006:0425 would have the OVAL-ID oval:com.redhat.rhsa:def:20060425 and hence the filename com.redhat.rhsa-20060425.xml
Questions for SignatureStatement of CompatibilityHave an authorized individual sign and date the following Compatibility Statement (required): "As an authorized representative of my organization I agree that we will abide by all of the mandatory compatibility requirements as well as all of the additional mandatory compatibility requirements that are appropriate for our specific type of capability."
Statement of AccuracyHave an authorized individual sign and date the following accuracy Statement (recommended): "As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of the OVAL Language and the interpretation of the logic."
Statement on Follow-on Correctness Testing SupportHave an authorized individual sign and date the following statement about your organizations willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved. (required): "As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
Page Last Updated: June 22, 2006 |
|
|||||||||||||||||||
 |
||
