D/DoS mitigation hardware/software needed.

Dobbins, Roland rdobbins at arbor.net
Tue Jan 5 01:54:33 CST 2010


On Jan 5, 2010, at 2:38 PM, Darren Bolding wrote:

> PCI DSS does not require a "Web application firewall".

<http://searchsoftwarequality.techtarget.com/news/article/0,289142,sid92_gci1313797,00.html>

Since no business is going to allow an external 'code review' (if it's even possible, given that they're likely using COTS products, the source code of which they simply don't have), this defaults to a requirement for the 'Web application firewall'.

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken







More information about the NANOG mailing list