[Owasp-standards] No updates

owasp-standards-admin at lists.sourceforge.net owasp-standards-admin at lists.sourceforge.net
Mon Jan 23 09:12:10 EST 2006


Their statement is actually very worrying.

I was at a seminar last week on the whole PCI standard and there was  
a good handful of FTSE 100 clients present. The majority of questions  
asked were in relation to the web application layer and the chap from  
Mastercard admitted he didn't know enough of the requirements.

It seems that VISA/Mastercard have failed to work with the industry
on this one and released a standard which 90% of companies are having
dire issues understanding and implementing.

I feel that come the 30th June 2007, there will be a large number of
companies who fall foul of the requirements due to the ineffective
manner in which VISA/Mastercard have implemented them.


On 20 Jan 2006, at 19:11, owasp-standards-admin at lists.sourceforge.net  
wrote:

> Yep, it has been quiet recently :)  There's not been much traffic  
> for me to respond to, and as I've been busy in my real job, I've  
> not been able to work on the next version of the document yet  
> (although initially I did plan not to look at it until the end of  
> the month).
>
> With the next version of the document, I currently have a few  
> issues I'm working through.  Firstly, I need to consolidate all the
> comments we've had on the list and plan out what's good, bad, and  
> needs changing with what we currently have.  As most of the  
> comments (from my perspective - I may be wrong, and I'll need to go  
> through the archives again) are at a higher level about the  
> intention of the project and where it fits in, I may have to scrap  
> what we have and start again on a different track - I'd like to get  
> people's thoughts on this.  I don't want a highly descriptive
> document like the owasp testing guide, nor something brief and  
> generic like the top 10.
>
> On a related note, I was contacted a couple of weeks ago by
> representatives from Visa and MasterCard.  Initially they had  
> reservations about the project, but from reading the posts and  
> talking about the intentions of the project they feel that it's a  
> good, and timely, idea.  One of the immediate things that came out
> of that conversation was removing PCI from the project description  
> - something I've done on the OWASP project web pages, and posted a  
> message to the list about.  They were concerned with the  
> possibility of confusion with the project being endorsed by them.   
> I was happy to comply with this request as I was only using PCI as  
> a frame of reference and to give the project context, not to claim  
> any involvement with Visa/MC.
>
> Also, Visa/MC would like to be involved in the initial stages of  
> development, rather than just at the end where we were going to  
> propose the output of the project as an addition to the current  
> standards to them.  I think having them involved at the beginning  
> is great as they will be able to point out the things they are most  
> concerned about as well as provide input on what will and won't
> work.  It's clear that they understand the project isn't solely  
> about credit-card processing systems, but gauging the security of  
> websites in general, however getting their insight wherever  
> possible can only benefit the project.  I'm currently waiting on  
> getting a round-table discussion set up to see how we can take  
> participation further.
>
> Well, that's about all I have for a status update on the project.   
> I'll post details as and when I get them.
>
> Cheers,
> Mike.
>
>
> On 1/18/06, owasp-standards-admin at lists.sourceforge.net <owasp-standards-admin at lists.sourceforge.net> wrote:
> Hi All,
>
>
>
> It's been very quiet. May I know where we are now? I mean, when will
> the next version of the document be out for review?
>
>
>
> Thanks
>
> Ahmed Shahzad
