[Owasp-leaders] PCI, more ego than brains...
Eduardo V. C. Neves
eduardo.neves at owasp.org
Mon Mar 2 21:08:44 EST 2009
So let's work together on that for the next Season of Code, including
an invitation to PCI Council to sponsor the project. :-) I am not
kidding, this is one more reason to use the standard in an adequate
fashion and in my perspective, something that adds value to them and
also the market. Don't we have to make application security more
On Mar 2, 2009, at 11:57 AM, Rex Booth wrote:
> True - I think there is a good opportunity here.
> Along these lines, there was a letter to the editor in the latest SC
> magazine explaining just this - that compliance with PCI wouldn't even
> capture the OWASP top ten, let alone provide any real assurance of
> security. I'll see if I can scan it in later and provide it to the
> group. It's always good to see OWASP get unsolicited press.
> And agreed Eduardo - I would personally love to see a compliance vs
> security analysis presentation.
> Eduardo V. C. Neves wrote:
>> Well, sounds like their job to advise their own belly. :-)
>> However, it sounds like an opportunity to me, if we can use this to explain
>> why PCI-DSS and specifically the PA-DSS are only standards and also
>> subject to be exploited if the security is not deployed/maintained in
>> a holistic fashion (that's a quote... ).
>> Doesn't this seem like a topic to be presented at the next AppSec?
>> Best regards,
>> - en
>> On Feb 28, 2009, at 3:23 AM, Daniel Cuthbert wrote:
>>> When I see stuff like this, it really does ram home the point of how
>>> little people actually get it.
>>> <Picture 1.jpg>
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org