Be secure, and you'll be compliant
There's been some recent chatter and speculation on the upcoming enhancement to the PCI standard. Among the discussions, I'd like to publicize my opinion on one argument I've heard multiple times during the last few days. The argument goes something like this: The cost of performing security code reviews is too high, but the cost of performing black box reviews and/or implementing web application firewalls is lower. Therefore, the solution is to recommend that organizations rely on penetration assessments and/or web application firewalls.