The Council is hosting a couple of ‘open mic’ webinars for industry stakeholders on the 8th and 9th of December.  They are trying to update the industry following the Community Meeting and get some feedback or questions….
These are typically reserved for Participating Organizations, but for this round they are opening it up to the broader industry…  Here’s the link:
PCI Council Webinar Release

OK - this is the feedback on the Community Meeting that I had mentioned although it really turned into a philosophical post about what your PCI partners should really be doing for you (hint: being a partner).
This one’s over at the NetSPI blog as well (I swear that I’m still going to be posting over here on a more regular basis, but, since NetSPI’s doing a good job with the blog, I’m going to blend my posts between the two blogs…).  Any feedback is going to have to come here, …

PCI is just so damn interesting - it’s like a soap opera…  Seriously - if you don’t have to deal with it everyday, I’m sure (as a retailer) that you count yourself lucky, but honestly it’s a hoot.
The game at hand is a combination of punishment and liability avoidance - the case of Hannaford is a good example.  Just when you think it’s all over and Hannaford gets to pick up the pieces and move on, everything takes a new twist.  Now the Maine Supreme Court is getting involved and …

OK - I’ve got a couple of posts that I’ll be putting up shortly - one on some feedback from the PCI Community Meeting and one on that list of questions on PA-DSS.  I’ll try to get them up this weekend (work has been crazy and I just haven’t found/committed the time to get these written), but here’s a link to a post this morning from Deke George on the NetSPI blog regarding acquisitions in the security space.
NetSPI Blog - Mergers & Acquisitions

Just a reference to another NetSPI blog post that just went up…  link

I’m posting this up here again - I realize that a lot of people have already seen this, so it’s not new, but since some very detailed questions popped up in a conversation this week regarding wireless and PCI I thought I’d put it out there again…
Information Supplements - PCI Security Standards Council.

Seth Peter, NetSPI’s CTO participated in a webinar on Preventing Multi-Vector Attacks with Eric Schultze from Shavlik.  When two very technical security CTOs get together there is a concern (a legitimate concern) that things are going to be unmanageably technical, but it actually turned out to be a great event.  It was very conversational and did a very good job of highlighting some of the concerns involved in dealing with sophisticated attacks.
With that said, it might not be the sort of content that you are going to want to ask …

For those software vendors out there that are digging into PA-DSS and what it means for their organization, please read on.  This is not an in-depth discussion of PA-DSS, just a couple of things that have been popping up repeatedly for me in conversations with your peers - things that sometimes need clarification or that should be mentioned.  Stuff You Probably Should Know About PA-DSS

It’s not PABP - this may sound obvious, but I’m going to repeat it - PA-DSS is not PABP.  Accept this fact - if your assessment …

Tim over at nCircle posted this blog entry on his blog (The Lens).  Pretty interesting thoughts on PCI and the situation with Coleman’s breach issues.
PCI and Politics (The Lens).

Quick statement from RBS in response to a request for information from the Office of Inadequate Security Blog.
RBS WorldPay statement | Office of Inadequate Security.