[Owasp-cert] Thoughts on PCI/DSS
chw at hauser-wenz.de
Mon Jul 28 06:14:09 EDT 2008
I think the question is: Is someone who is not familiar with the intrinsics of PCI DSS still knowledgeable enough to be entitled to be certified? In my opinion: yes. Especially since even Fortune 500 companies often just rely on a credit card fulfillment provider who is PCI DSS certified. Also, PCI DSS is not really focused on the web.
Generally, what we did at the other exam was that we did include questions on topics that were a bit off mainstream, but we included so few of them that you could still pass the exam even if you did not get one of those right.
At some level, enterprises are struggling with implementing PCI compliance within their applications. Would it be bad if the exam, in terms of coverage, asked a question that uncovers knowledge in the PCI subject areas? Likewise, would it be bad if we structured it in a way that allowed PCI to endorse OWASP certification?