How do software security audits help organizations to comply with PCI?
The PCI DSS is demonstrably becoming a de facto standard of due care for any organization responsible for the privacy and integrity of data. Its focus on application security can be traced directly to many of the recent high profile breaches, where insecure applications have proved to be the point of access for hackers, and the source of data loss. As a result, PCI Requirement 6 calls for organizations to develop and maintain secure systems and applications, addressing security and review throughout the software development lifecycle. For more information on the application security requirements of PCI, read Meeting the PCI Application Security Requirements: Building Security In.