Re: [SC-L] InternetNews Realtime IT News - Merchants Cope With PCI Compliance

2008-06-30 Thread Michael Gavin
I too was wondering how much of a boon 6.6 would be to the WAF vendors and/or the companies that do security code reviews. That is, until 4/22, when the PCI SSC issued a press release (https://www.pcisecuritystandards.org/pdfs/04-22-08.pdf) announcing an information supplement clarifying requi

[SC-L] July 23: Stanford Emerging Threats and Defenses Symposium

2008-06-30 Thread Neil Daswani
The Stanford Center for Professional Development Advanced Security Certification Program Presents The *Emerging Threats and Defenses Symposium* Featuring Talks By Mary Ann Davi

Re: [SC-L] InternetNews Realtime IT News - Merchants Cope With PCICompliance

2008-06-30 Thread Chris Wysopal
Ken, Customers not wanting to part with source code is one of the reasons, at Veracode, we decided to take our static binary analysis technology to market as SaaS. You get the benefit of both automation, as with static source code analysis, and an external assessment, yet you don't have to part w

[SC-L] Root Canal Treatment vs Source Code Review

2008-06-30 Thread Jonathan Leffler
Under the subject "InternetNews Realtime IT News - Merchants Cope With PCI Compliance", Kenneth Van Wyk <[EMAIL PROTECTED]> wrote: [...] In talking with my customers over the past several months, I always find it interesting that the vast majority would sooner have root canal than submit their s

Re: [SC-L] InternetNews Realtime IT News - Merchants Cope With PCI Compliance

2008-06-30 Thread ljknews
At 9:44 AM -0400 6/30/08, Kenneth Van Wyk wrote: > Happy PCI-DSS 6.6 day, everyone. (Wow, that's a sentence you don't > hear often.) > > http://www.internetnews.com/ec-news/article.php/3755916 > > In talking with my customers over the past several months, I always > find it interesting that

Re: [SC-L] InternetNews Realtime IT News - Merchants Cope With PCI Compliance

2008-06-30 Thread Gunnar Peterson
for the vast majority of the profession - slamming the magic pizza box in a rack is more preferable than talking to developers. in many cases the biggest barrier to getting better security in companies is the so-called information security group. it has very little to do with technology, its a

[SC-L] InternetNews Realtime IT News - Merchants Cope With PCI Compliance

2008-06-30 Thread Kenneth Van Wyk
Happy PCI-DSS 6.6 day, everyone. (Wow, that's a sentence you don't hear often.) http://www.internetnews.com/ec-news/article.php/3755916 In talking with my customers over the past several months, I always find it interesting that the vast majority would sooner have root canal than submit t