I've been inactive for awhile due to medical issues but I'm back and fully
involved again so I thought I'd turn to some of the best experts around
for some help.
I have a client looking for experience with or information concerning Code
Security Review processes related to System i and/or Infinum. The
Mastercard/Visa PCI requirements specify that when there is custom code
that accesses credit card data someone trained in code security must
review the code prior to production implementation. Any information on
best practices or education specifically targeted at System i is
appreciated.
We disagree on the intrepretation of some of the wording. Everything I've
read says an organization that is trained in Code Security Review must
audit the changes. That could be intrepreted to say that an outside
organization must review the code. My client believes the code can be
reviewed by someone else within the company not involved in the
development project. Any ideas of which intrepretation might be correct.
Thanks for any help!
Kendall Kinnear
Senior Systems Architect
KS2 Technologies, Inc
1020 Mustang Dr
Grapevine, TX 76051
Office: 817.310.1817
Fax: 817.310.1801
Mobile: 214.676.3146
email: KKinnear@xxxxxxxxxx
http://www.ks2inc.com
midrange.com
