[Owasp-leaders] PCI project - anybody involved or leading?

Christian Heinrich christian.heinrich at owasp.org
Thu Nov 17 18:28:20 EST 2011


Tony,

On Wed, Nov 16, 2011 at 4:07 PM, Tony UcedaVelez <tonyuv at owasp.org> wrote:
> I personally don't agree with such a project b/c I know that the compliance
> tail will wag the security dog and I think it diverts from the germane focus
> of the org IMHO.

OWASP is cited by the PCI Security Standards Council and it is
therefore in our (OWASP) interests to use this project as a vehicle to
address explore issues the  security vs (conformance)/compliance and
other issues, such as ISO 2700x replacing PCI-DSS within this OWASP
Project.

On Wed, Nov 16, 2011 at 4:07 PM, Tony UcedaVelez <tonyuv at owasp.org> wrote:
> I am concerned however (as an aside) that project sponsors
> are listed on that page and they have contributed funds to a project that is
> dormant.  Is that a misread on the project sponsorship?

I am not associated with WhiteHat Security, Orbitz, SPSP or Fiserv,
rather Trey and Ed were and I believe Paulo was attempting to update
the Key Project Information on 9 March i.e.
https://www.owasp.org/index.php?title=Key_Project_Information:OWASP_PCI_Project&action=history


-- 
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh


More information about the OWASP-Leaders mailing list