Michelle Davidson writes "SearchSoftwareQuality.com recently posted an article on clarifications made to requirement 6.6 of the PCI Data Security Standard and explains the options companies have to comply with it. Jeremiah Grossman and other app sec experts were interviewed for the article . Below is the information."

I don't usually link to articles like these but this is one of those hot debates in the industry that people have strong opinions on.

Whitepaper Link: http://searchsoftwarequality.techtarget.com/news/article/0,289142,sid92_gci1313797,00.html