I gave you all a short justification yesterday about why I am not in the hardware business. A very important aspect of software, especially software as a service, is to provide for others to use your software in ways that you never intended.
One of the best recent API success stories is the API at Twitter. [...]
That’s a comment that is sure to get your attention, especially when it comes from your 12-year-old son on a Sunday afternoon. This question, I needed to investigate. It turns out my son Ted was intent on hacking his PSP to give it new functionality that its creators (Sony) had not provided.
He showed [...]
Here http://www.gss.co.uk/news/?&id=5098 is an interesting article about the difference between PCI compliance and security. The point of the article is that purchasing compliant products doesn’t necessarily make you secure. This reminds me of a related point: that much of compliance is about human processes and procedures. Even if your equipment is compliant, you still need [...]
Drew Mize, vice president of product management and marketing at The Pinnacle Corporation, wrote a very interesting short piece on PCI Myths that is worth reading. Unfortunately, it’s only available via the print copy of the magazine for the Association for Convenience and Petroleum Retailing.
Two of the most salient points are first, that it’s the [...]
Cisco Systems is making big strides in the security space. Of the many moves they have made, one of the more interesting (and quieter) is building two blades for their immensely popular Integrated Services Router (ISR) family. There are over 3 million ISRs deployed today. The modular design of the ISR makes it a [...]
Most traditional DVR vendors answer the PCI question with the simple response “The DVR doesn’t process credit card transactions; therefore it does not have to be PCI compliant”. Unfortunately, this response ignores the fact that any DVR that is Internet accessible is a serious risk to the merchant’s PCI compliance, unless it meets the PCI-DSS [...]
Any company that processes credit card transactions must be PCI compliant. Merchants that are not compliant may be fined or can pay the ultimate price when they get hacked!
So the question is, how do you best obtain and maintain PCI compliance? The general answer to this always starts with the IT environment that is deployed [...]
The Payment Card Industry (PCI) Data Security Standard (DSS) is composed of 12 basic requirements, summarized as follows:
1) Build and maintain a secure network – establish configuration standards for network and computing equipment, develop policies & processes for updates to those configurations, and pay attention to how the network equipment and servers are configured.
[...]
Yesterday I asked the question: how often should a Software-as-a-Service provider provide updates? Here is one live customer reaction: “…they [the users] will go to use their Envysion the way that they have in the past and – now they have to do something different…” The point of this comment being that updates can be disruptive. When [...]
Krissi Danielsson provides a nice podcast interview with Paul Giurata of Catalyst Resources where they discuss The Right and Wrong Way to Do SaaS.
One of the key characteristics they discuss is the frequency of updates. Specifically, Paul suggests that “being able to update the software on probably a no more than 90 to 180 day cycle [...]