My basis for this is discussions with PCI assessors from multiple firms that perform large numbers of assessments per year. Next time I run into some, I'll ask to see if the usage has increased, its been a few months since I asked this of any of them. --D On Tue, Jan 5, 2010 at 1:02 AM, Dobbins, Roland <rdobbins@arbor.net> wrote:
On Jan 5, 2010, at 3:58 PM, Darren Bolding wrote:
I believe their is strong evidence that the use of web application firewalls to meet this DSS requirement is smaller than you might think. I would not be surprised if it was significantly less than 50%- perhaps 20%.
This directly contradicts my experience working for vendor of such products, FWIW.
But I hope this is indeed the case, as it will lead to higher availability for organizations which go this route!
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
-- -- Darren Bolding -- -- darren@bolding.org --