Code Reviews and Compliance

From OWASP
Revision as of 13:21, 29 June 2008 by Davidrook

Introduction

In June 2005, the Payment Card Industry Data Security Standard (referred to as PCI from now on) became a mandatory compliance step for companies processing credit card payments.

Performing code reviews on custom code has been a requirement since the first version of the standard. This section discusses what needs to be done with regard to code reviews to be compliant with the relevant PCI requirements.

Code Review Requirements