[Info-vax] Variable declarations, was: Re: improving EDT
David Froble
davef at tsoft-inc.com
Tue Nov 22 23:41:40 EST 2016
Arne Vajhøj wrote:
> On 11/22/2016 4:04 PM, David Froble wrote:
>> I've had two experiences that caused me to throw in the towel and do
>> whatever people wanted.
>>
>> 1) I mentioned to a customer that storing credit card data and checking
>> account data with no protection on an IIS server wasn't a good idea.
>> The response: "why not, everyone does it".
>
> One word:
>
> PCI-DSS
Ayep! And, PCI isn't about security, it's about the credit card companies
wanting someone else to be responsible when stuff happens.
>> 2) While discussing security with another customer I was told "my boss
>> doesn't care about security".
>
> Unfortunately that happens.
Ayep!
More information about the Info-vax
mailing list