Well it’s been a while since I posted anything here. I have a million excuses, but I’m sure everyone has heard them all.
I have decided to take a change of direction in the PCI standard review that I most recently blogged about. After having several conversations with Mark Curphey, I’ve decided the best approach to the issue is working with him and several others on a new OWASP project – The OWASP Web Security Certification Framework.
It is our hope that this will be adopted and used to meet web application security requirements for PCI compliance and any additional regulatory requirements associated with this topic. Look for more on this standard this summer.
For those of you who don’t know Mark, I would highly encourage you to check out his blog. He has a great security background, having worked at places like Foundstone and ISS, as well as being the original founder of OWASP. He’s currently working on a new startup that is taking off rapidly. I spoke to him about his new company and the work they are taking on; it’s very ambitious and fills a big gap in information security management software today.
If taking on the OWASP project wasn’t enough, I am also collaborating with Mark and others on something for the ISM Community. We’re creating a list of Tips & Tricks from the Field for the ISM Community Top 10. This will give readers a quick jump start on implementing key concepts for their Information Security Program.
Watch for more frequent updates and publications on these new projects.

