[Info-vax] Variable declarations, was: Re: improving EDT
Bill Gunshannon
bill.gunshannon at gmail.com
Wed Nov 23 10:31:10 EST 2016
On 11/22/16 11:41 PM, David Froble wrote:
> Arne Vajhøj wrote:
>> On 11/22/2016 4:04 PM, David Froble wrote:
>>> I've had two experiences that caused me to throw in the towel and do
>>> whatever people wanted.
>>>
>>> 1) I mentioned to a customer that storing credit card data and checking
>>> account data with no protection on an IIS server wasn't a good idea.
>>> The response: "why not, everyone does it".
>>
>> One word:
>>
>> PCI-DSS
>
> Ayep! And, PCI isn't about security, it's about the credit card
> companies wanting someone else to be responsible when stuff happens.
>
And why shouldn't it be the programmer?
>>> 2) While discussing security with another customer I was told "my boss
>>> doesn't care about security".
>>
>> Unfortunately that happens.
>
> Ayep!
bill
More information about the Info-vax
mailing list