[Global_education_committee] Fwd: PCI PA-DSS and PABP Training and "OWASP" Certification

Christian Heinrich christian.heinrich at owasp.org
Wed May 18 16:17:38 EDT 2011


Martin et al,

I am not sure if the GEC would like to assist in developing an
alternative to http://www.sans.org/visatop10/ which is endorsed by
http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html?ep=v_sym_pabp#anchor_4

If so, I would like to forward this to the GIC for their consideration
of the relationship to SANS and VISA?

Also, should a deliverable be developed for
http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html
considering that PABP has been deprecated by Visa for PA-DSS?

I would also like to acknowledge the PCI related deliverables
https://www.owasp.org/index.php/Category:OWASP_CBT_Project have had a
preliminary review performed by me i.e. due to impending travel.

---------- Forwarded message ----------
From: Christian Heinrich <christian.heinrich at owasp.org>
Date: Thu, May 19, 2011 at 5:58 AM
Subject: Re: Draft Project Plan - May 2011
To: Owasp-pci-project at lists.owasp.org


FYI, these releases of the draft project plan have been archived at
https://github.com/cmlh/OWASP_PCI

On Thu, May 12, 2011 at 1:36 PM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:
> I have uploaded a revised Project Plan to
> https://files.me.com/cmlh/4hbutu (link valid for 30 days) with the
> following amendments:
>
> 1. 3-D Secure will be an independent OWASP Project from this OWASP
> (PCI) Project.
> 2. Visa have formed a relationship with SANS related to PA-DSS
> Training i.e. http://www.sans.org/visatop10/
>
> If there are no further comments, suggestions, flames, etc then I will
> commence the negotiations with resources listed after AusCERT 2011
> i.e. from 17 May hence why I haven't included other OWASP Mailing
> Lists yet.
>
> On Mon, Apr 25, 2011 at 7:50 PM, Christian Heinrich
> <christian.heinrich at owasp.org> wrote:
>> ... and 3DSecure possibly encapsulated under PCI-DSS?
>>
>> On Mon, Apr 25, 2011 at 7:47 PM, Christian Heinrich
>> <christian.heinrich at owasp.org> wrote:
>>> Another task would be PBAP which could be encapsulated under PA-DSS
>>>
>>> On Sun, Apr 24, 2011 at 10:17 AM, Christian Heinrich
>>> <christian.heinrich at owasp.org> wrote:
>>>> I have uploaded the draft project plan to
>>>> https://files.me.com/cmlh/7ase5d (link valid for 30 days) based on our
>>>> thread from March i.e.
>>>> https://lists.owasp.org/pipermail/owasp-pci-project/2011-March/thread.html
>>>>
>>>> To view the .pod requires http://openproj.org/ and I have also
>>>> included a screenshot within the .tar.gz also.
>>>>
>>>> Background information on the notes within the .pod is available from
>>>> https://lists.owasp.org/pipermail/owasp-pci-project/2011-March/thread.html.
>>>>
>>>> Please note that while the dates for the PCI SCC Community Meeting are
>>>> correct the effort of each task has not been estimated so the value of
>>>> "1 Day" will be incorrect.
>>>>
>>>> I have also attempted to document the various interactions with other
>>>> OWASP Committees, the PCI SSC and a PA-QSA.
>>>>
>>>> Please let me know if there are any errors, tasks which I may have
>>>> unintentionally left out, etc?
>>>>
>>>> Also, please expect a delay in my reply until 11 May as I will be
>>>> travelling i.e. http://www.dopplr.com/traveller/cmlh and I intent to
>>>> commence the negotiations with resources listed after AusCERT 2011
>>>> i.e. from 17 May hence why I haven't included other OWASP Mailing
>>>> Lists yet.

-- 
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh


More information about the Global_education_committee mailing list