Tuesday, January 27, 2009

Some unanswered questions

In the Web security industry there is a constant flow of current events, many of which lead to thoughtful questions being asked. Good, thoughtful questions are frequently not easy to answer, with no guarantee they'll ever be answered satisfactorily. I like to collect these kinds of questions, gather as much relevant information as possible, talk to people in the know, and let the results eventually shape my opinions on the subject. Below are a few of the things I've been tracking. Perhaps readers here might want to share their thoughts as well.

- Do people trust QSAs who consider PCI-DSS 6.6 met if their organization only uses a network vulnerability scanner with a few web application security checks?
- Do organizations with a more mature software security program tend to deploy Web Application Firewalls more often than those that don't?
- As a result of the economic downturn, what notable security projects are being cut from last year's budget?
- Will Cross-Site Request Forgery security features be adopted through HTTP standardization, ad hoc by Web browser vendors, or left solely up to website owners?
- Will secure code purchasing standards lead to secure code?