PABP: An Interview
Now that I am back in town from traveling, I am going to take a quick detour from my experiences at BAI and speak about security. (As I said in an earlier post, an extremely important theme for those of us in the worlds of commerce.)
Last week, I had the opportunity to speak with Dr. Dobb’s Journal about the issue of PABP (soon to be PA-DSS) and security for software that is processing payments. If you have not had an opportunity to read the Journal, please click the link above, I highly recommend their content. Interestingly, they don’t have a specific platform/language/etc focus but cover issues and languages across the entire technology spectrum.
It seems that, in my many discussions surrounding PABP, there is a common chain of thought:
- What is PABP?
- What does it mean? (i.e. more specifics about the program)
- How hard is it?
That last question really represents the main issue. PABP compliance is not onerous. . .but it is not simple either. That is the reason that IPC developed the PABP Rapid Compliance Programme. We desire not only to streamline the process, but to assist in driving awareness in the market about the importance (and soon to be mandate) of secure software applications.
To read the interview, please click here.
What’s your perspective? Agree? Disagree? Anything to add? Critiques?
The comment form is below. . .
November 20, 2007
2 responses to PABP: An Interview
If you or your readers have any questions about PABP or PA-DSS please have them read the postings on PCI Answers:
or the online forum dedicated to it:
Thanks heaps. It is much appreciated.
For those of you who don’t know, or who don’t read the PCI DSS Compliance Demystified blog, Mike is an excellent resource on the details of PCI/PABP. As I’ve stated before, I am more than passingly familiar with the details. . .Mike, however, has been involved in training Qualified Security Assessors (QSAs). His knowledge, and focus, on the requirements is detailed and worth reading at length.