Yes, and I remember the UK government security approval scheme, where you got approved if your product did what you said it would do, irrespective of whether that was actually useful.
I kept threatening to have a product approved "comes in a blue box", and that would actually have been approved, after someone checked that it did indeed come in a blue box.

On Fri, 3 Apr 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

> Date sent: Fri, 03 Apr 2009 23:18:00 +0100 (BST)
> From: Drsolly <[email protected]>
>
> > The logic is impeccable. PCI DSS is only concerned about data kept in
> > electronic form. By using pencil and paper, he remains PCI DSS compliant.
>
> I agree that, in terms of compliance, the logic works. It reminds me of
> ISO27k in that regard: if you are troubled by any particular vulnerability,
> and don't want to fix it, just ask to have it (or related system) removed
> from scope ...
>
> ====================== (quote inserted randomly by Pegasus Mailer)
> Beware of all enterprises that require a new set of clothes.
> - Henry David Thoreau
> http://victoria.tc.ca/techrev/rms.htm
> http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
> http://blogs.securiteam.com/index.php/archives/author/p1/
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
