On Jan 5, 2010, at 2:38 PM, Darren Bolding wrote: > PCI DSS does not require a "Web application firewall".
<http://searchsoftwarequality.techtarget.com/news/article/0,289142,sid92_gci1313797,00.html> Since no business is going to allow an external 'code review' (if it's even possible, given that they're likely using COTS products, the source code of which they simply don't have), this defaults to a requirement for the 'Web application firewall'. ;> ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
