November 8, 2007 InfoWorld
Summary
Payment card industry players created the PCI Data Security Standard to improve the security and privacy of their customers’ financial information. With the two elements of the PCI data protection regulation that address application security, Requirements 3 and 6, set to reach their deadlines during the first half of 2008, source code analysis vendors expect rapid growth as retailers and others invest to meet the regulation. Claudia Dent, SVP of Marketing at Ounce Labs Inc., the leading software risk analysis tool provider, said that PCI was the first standard with real specifics about how secure applications should handle data, and that it would have a global impact by requiring anyone, anywhere, who handles this data to adhere to it. It remains to be seen how much business PCI will generate, but analysts agree that code audit development has outpaced the growth of the broader IT security industry, and the tools themselves may become a popular format for proving web application security to assessors.