Secure Coding mailing list archives

OWASP PCI Project Introduction


From: ford.trey at gmail.com (Trey Ford)
Date: Tue, 26 May 2009 16:49:21 -0400

OWASP PCI Project :: Introduction and Call for Participation!

We are formally introducing the OWASP PCI Project to the Web
Application Security community! The industry needs a workspace for PCI
QSAs* and Application Security experts to work constructively together
- the OWASP PCI Project will serve as the platform in building
community consensus.

The PCI Project drives focused discussion and awareness, promoting a
thorough understanding of how to ensure safety in online payments.
Our mission is to:
+Make payment application security requirements achievable,
+QSA perspective and audit points accessible,
+A unified and mutually agreed upon approach to secure payment
applications, and sustainable compliance

The scope of this group will ultimately extend beyond PCI, becoming a
scalable software risk management framework for other regulations. By
focusing on managing risk - we are ensuring web sites, applications,
and web enabled software of any type are secured the right way (and
making compliance a natural and sustainable byproduct).

Now is the time to get involved! Visit the project site and sign up!
We are starting to build the project roadmap, we need YOUR help in
framing this project!
<https://lists.owasp.org/mailman/listinfo/owasp-pci-project>

Proposed projects include:
+PCI Application Security Scoping Guidance,
+Application Security Development Guidance,
+PCI Application Security Auditor's Playbooks,
+More to come!

Feel free to contact Trey Ford or Ed Bellis directly with any questions.
ford <dot> trey <at> gmail <dot> com
ed <dot> bellis <at> gmail <dot> com

OWASP PCI Project : http://www.owasp.org/index.php/Category:OWASP_PCI_Project

Thank you,
Trey Ford and Ed Bellis

* QSAs are Qualified Security Assessors - the individuals responsible
for performing onsite audits and interpreting the PCI standard


