[Owasp-leaders] PCI, more ego than brains...

Eoin eoin.keary at owasp.org
Mon Mar 2 10:48:50 EST 2009

It's all cool baby......

I'm PCI compliant or so they say.... so I can hit the hackers with my
rolled-up cert when they come knocking on my web application.

If the payment card industry did nothing (did not introduce PCI DSS) we
would be complaining about the same thing, web insecurity.

PCI certification is not going to save us (them). The insecurity is
contained in the creation, application and deployment of the building blocks
of the web, PCI is never going to fix this or any other

Sure let them get certified, and hacked this is the cycle of life....

but it's cool man, "get certified, go to the next level" :)


2009/2/28 Daniel Cuthbert <daniel.cuthbert at owasp.org>

> When I see stuff like this, it really does ram home the point of how little
> people actually get it.


OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)

Quis custodiet ipsos custodes