by ceejayoz
5280 days ago
> These are not covered as part of the PCI compliance requirements, as they're not compliance related - there's no way to effectively prove you have mitigated an "unknown unknown" (to quote Mr. Rumsfeld).

PCI's reasoning behind requirements to prevent cross-site-scripting and similar attacks aren't really "unknown unknowns".