[SC-L] PCI: Boon or bust for software security?
Kenneth Van Wyk
ken at krvw.com
Mon Mar 3 16:39:39 EST 2008
Greetings SC-L,
So here's a question to ponder. Now that PCI DSS 1.1 is out there
(save a couple June 2008 deadlines still looming), has it been good or
bad for software security as a whole?
It does require secure development processes (as prescribed by OWASP).
It does require sensitive cardholder data to be encrypted at rest and
in transit.
Has it improved the overall state of affairs, worsened it, or have
things pretty much remained the same.
Cheers,
Ken
-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2500 bytes
Desc: not available
Url : http://krvw.com/pipermail/sc-l/attachments/20080303/0a939fd4/attachment.bin
More information about the SC-L
mailing list