OWASP PCI Project :: Introduction and Call for Participation!

We are formally introducing the OWASP PCI Project to the Web Application Security community! The industry needs a workspace for PCI QSAs* and Application Security experts to work constructively together - the OWASP PCI Project will serve as the platform in building community consensus.

The PCI Project drives focused discussion and awareness, promoting a thorough understanding of how to ensure safety in online payments.

Our mission is to:
+ Make payment application security requirements achievable,
+ QSA perspective and audit points accessible,
+ A unified and mutually agreed upon approach to secure payment applications, and sustainable compliance

The scope of this group will ultimately extend beyond PCI, becoming a scalable software risk management framework for other regulations. By focusing on managing risk – we are ensuring web sites, applications, and web enabled software of any type are secured the right way (and making compliance a natural and sustainable byproduct).

Now is the time to get involved! Visit the project site and sign up! We are starting to build the project roadmap; we need YOUR help in framing this project!

<https://lists.owasp.org/mailman/listinfo/owasp-pci-project>

Proposed projects include:
+ PCI Application Security Scoping Guidance,
+ Application Security Development Guidance,
+ PCI Application Security Auditor’s Playbooks,
+ More to come!

Feel free to contact Trey Ford or Ed Bellis directly with any questions.

ford <dot> trey <at> gmail <dot> com
ed <dot> bellis <at> gmail <dot> com

OWASP PCI Project : http://www.owasp.org/index.php/Category:OWASP_PCI_Project

Thank you,
Trey Ford and Ed Bellis

* QSAs are Qualified Security Assessors, the individuals responsible for performing onsite audits and interpreting the PCI standard.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________