[Owasp-leaders] Summit Regonline

James McGovern JMcGovern at virtusa.com
Wed Jan 12 14:07:21 EST 2011

Couldn't resist chiming in.


1. The risk to the consumer is $0 as credit card companies will
reimburse. With that being said, there is an unstated cost to
aggravating consumers when this happens. Need a metric around this.

2. If regonline suffers from SQLI vulnerability, maybe the issue
isn't in OWASP negotiation but in the fact that PCI-DSS needs to have a
way for when this is uncovered that their QSA could learn of it? With
that being said, when we negotiated with them, did we use our own
contract annex?

3. The biggest risk here is one of brand risk. Imagine if it got
out that OWASP uses a site for credit card collection that doesn't even
comply with the top ten...


James McGovern

