PCI compliance
Posted Oct 12, 2011 9:10 UTC (Wed) by njwhite (guest, #51848)
In reply to: PCI compliance by corbet
Parent article: WineHQ database compromised
> They kept screaming, for example, that our version of
> SSH had known vulnerabilities - even though the distributor had long since patched those
> vulnerabilities out. All that mattered was The Checklist, which had little to do with how
> secure we actually were.
Yep, that sounds about our experience, too. I ended up writing a script to scrape info of patched CVE issues from our distribution's website and emailing the PCI people a list of links to "prove" that said patches have been applied.
It's all, I think, so that the card processor can push the liability for any losses away from them.