[Owasp-topten] The PCI saga continues
Dave Wichers
dave.wichers at aspectsecurity.com
Wed Sep 6 08:57:08 EDT 2006
One interesting thing they 'added' was that 'scanning' vendors must be
able to detect these top 2. Before, it was vendors detecting the top 10.
Maybe they think it's not feasible for scanners to detect the other 8
items (which is probably not unreasonable for today's state of the art).
This standard breaks reviewers down into two areas, scanning vendors and
auditors.
My question is, is there equivalent language for what auditors must be
able to find, and hopefully that still includes the full top 10. I
haven't reviewed the updated standard. Does it have equivalent language
that discusses what auditors must be able to find?
-Dave
-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Ralf Durkee
Sent: Wednesday, September 06, 2006 8:26 AM
To: Daniel Cuthbert
Cc: owasp-leaders at lists.owasp.org; owasp-topten at lists.owasp.org
Subject: Re: [Owasp-topten] The PCI saga continues
Try the following link, it worked better for me.
http://pcidss.wordpress.com/2006/04/13/
-- Ralf Durkee, CISSP, GSEC, GCIH, GSNA
Principal Security Consultant
Daniel Cuthbert wrote:
> Honestly, is there anyone at Mastercard/VISA who has a clue?
>
> So they have now dropped the requirement of the Top 10 being followed
> and replaced it with a Top 2
> http://pcidss.wordpress.com/2006/04/13/pci-mandates-drop-8-of-owasp-top-10-by-james-deluccia-iv/
>
> I give up...
>
>
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-topten