As I mentioned earlier, the Information Commissioner's Office has announced big fines (~£500k) for folks not getting their data security sorted out, web application or otherwise. I'd not be surprised to see at least 10 people get a big fine in the next 12 months, and I can imagine just what action will be taken with the CIO in charge of these outfits.
I hear from people on the grapevine that the banks are already starting to look downstream on their supply chain to ensure they don't have any dirty little secrets hanging around in there. Do you supply any of the big banks? My money would be on you being a target for a juicy fine.
I've seen a great article at www.mcpmag.com which covers a lot of the drivers for standards (CWE/SANS, OWASP) and legislation (US Fed, UK, NY State, etc.) currently out there.