
PCI Compliance at the Source

As the recent breaches have made all too clear, data security starts with software security. It is in source code that encryption is enforced, the security of network communications is established, and access control is set. Or not.

Proper compliance with PCI requires a consistent, thorough, metrics-based method for identifying, addressing, and reporting on the vulnerabilities in software that put data at risk.

This Security Topics Brief discusses how Ounce Labs can help organizations comply with the application security-specific requirements of the PCI DSS:


  • Requirement 3: Protect stored cardholder data.
    • Applications play a critical role in protecting cardholder data in its stored state, particularly through the proper implementation of appropriate access control and cryptography.
  • Requirement 6: Develop and maintain secure systems and applications.
    • This requirement will be considered a "best practice" until June 30, 2008, at which point it becomes a requirement.

With PCI-specific source code analysis and reporting, and the capability to analyze both web-facing and back office processing applications, Ounce is a solution to the challenge of truly understanding whether or not customer information is being protected appropriately by the software that manages your most critical data.
