In addition to the initial costs to get into compliance (which vary largely depending on how the company business processes are set up), there is also a requirement for quarterly vulnerability scans by certified security organizations, so costs are ongoing, not one-time.
Judah

On Tue, Jun 22, 2010 at 10:48 AM, Cameron Childress <[email protected]> wrote:
>
> On Tue, Jun 22, 2010 at 12:03 PM, Erika L. Rich <[email protected]> wrote:
>> I usually use a number around $5k-$10k. I
>> figure that's the minimum costs incurred in outsourcing to a PCI compliant
>> experienced developer, etc.
>
> That's probably a good starting point.
>
> I wouldn't say there is really a standard price for something like
> this though. Most companies that are not PCI compliant are that way
> because they have no clue what they are doing from a development
> perspective. That means the PCI compliance issues are probably the
> tip of the iceberg.
>
> So you say, "fine, ignore all the bad code and just fix PCI". That's
> all fine and dandy but if you really want to make sure it's PCI
> compliant you're going to need at least a little bit of understanding
> of what the code's doing. Plus potentially a hundred other security
> related issues that need fixin'.
>
> PCI is just the top layer of the onion.
>
> -Cameron
