diff --git a/controls/os_spec.rb b/controls/os_spec.rb
index f6902ed..5f507c0 100644
--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@@ -145,10 +145,12 @@ control 'os-04' do
 impact 1.0
 title 'Dot in PATH variable'
- desc 'Do not include the current working directory in PATH variable. This makes it easier for an attacker to gain extensive rights by executing a Trojan program'
+ desc 'Do not include the current working directory as well as its parent one in PATH variable. This makes it easier for an attacker to gain extensive rights by executing a Trojan program'
 describe os_env('PATH') do
 its('split') { should_not include('') }
+ its('split') { should_not include(' ') }
 its('split') { should_not include('.') }
+ its('split') { should_not include('..') }
 end
 end
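Review bot: The `should_not include(...)` checks in the `describe os_env('PATH')` block reject only the exact entries `''`, `' '`, `'.'` and `'..'`, so other relative entries such as `./bin`, `../bin` or a bare `bin` still pass the control. Those entries resolve against the current working directory in the same way. Requiring every entry to be absolute would cover the whole class, for example `its('split') { should all(start_with('/')) }`, assuming the RSpec `all` matcher is usable in this profile. The explicit checks can stay for their clearer failure messages. Separately, the title `'Dot in PATH variable'` and the new `desc` wording ("as well as its parent one") no longer describe everything the control tests, so a phrasing like "Do not include the current working directory, its parent directory or any other relative entry in the PATH variable" would be more accurate.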