I have spoken with a number of companies over the last several weeks that are preparing themselves to go through the PA-DSS assessment process (software providers, not security firms) and they all are trying to understand the level of priority that they need to set.  Particularly smaller firms are trying to come to grips with the fact that they are now required to go through an expensive, potentially disruptive assessment process that they didn’t have to address previously.
It only makes sense that they all end up asking the question, ‘are …

For those software vendors out there that are digging into PA-DSS and what it means for their organization, please read on.  This is not an in-depth discussion of PA-DSS, just a couple of things that have been popping up repeatedly for me in conversations with your peers - things that sometimes need clarification or that should be mentioned.  Stuff You Probably Should Know About PA-DSS

It’s not PABP - this may sound obvious, but I’m going to repeat it - PA-DSS is not PABP.  Accept this fact - if your assessment …