It’s data breach report day today. Or so it seems. My brain just ‘sploded from the overload of fresh, tasty stats. There isn’t enough time today to go through everything with a fine-toothed comb, so suffice to say: data breaches keep happening in growing numbers; basic security practices still aren’t being followed; and, as painful as it is to admit, regulations like PCI DSS appear to be having a positive impact. Our codebases still leave much to be desired, though there is some reason for optimism. That said, here are the goods:

- Verizon Business 2011 Data Breach Investigations Report
- Veracode 2011 “State of Software Security” Report
- Ponemon 2011 PCI DSS Compliance Trends Study

Incidentally, if you take[…]

We’ve talked in the past about how important it is to become PCI DSS compliant. For some industries it’s an absolute must: without it, they can’t conduct business. We’ve also covered some of the latest updates to PCI. One of the most overlooked aspects of PCI DSS compliance, though, is actually maintaining it. Most organizations simply rush to meet the requirements in time for the auditor’s deadline, when they should instead be looking at what needs to be done on a continual basis. It’s in the down time after the audit that most data breaches occur. The following list, put together by Dr. Anton Chuvakin, outlines the areas that require some form of[…]