"PCI Secure Software Standard 1.2 Released"

The PCI Security Standards Council (PCI SSC) has released version 1.2 of the PCI Secure Software Standard as well as the supporting program documentation. The PCI Secure Software Standard is one of two PCI Software Security Framework (SSF) standards. The PCI Secure Software Standard and its security requirements help ensure that the design, development, and maintenance of payment software protects payment transactions and data, reduces vulnerabilities, and prevents attacks. The Web Software Module is a set of supplemental security requirements introduced in version 1.2 of the PCI Secure Software Standard to address the most common security issues associated with the use of Internet-accessible payment technologies. According to Emma Sutcliffe, SVP Standards Officer of the PCI SSC, the PCI Secure Software Standard is designed to provide a more flexible approach to testing the security and integrity of payment software. The Web Software Module was developed to help software vendors and developers identify and implement appropriate software security controls to protect against common web software attacks. The Web Software Module includes high-level requirement areas such as documenting and tracking the use of open-source and third-party software components and Application Programming Interfaces (APIs) in payment software. This article continues to discuss version 1.2 of the PCI Secure Software Standard.

Help Net Security reports "PCI Secure Software Standard 1.2 Released"