---- 'Hacker Safe' Site Hacked!


ByronM - 10:48 pm on Jan 8, 2008 (gmt 0)


Hacker Safe isn't a source audit and you won't find a source audit for the 399-1200.00 that Hacker Safe costs.

Have any of you that love to hate on it actually used it? I'm not defending it in any shape/form/fashion, because I too was leery of it and didn't buy it, but I DO use the Hacker Safe PCI Compliance because it allowed me to do a self-audit for my credit card processor, and in doing that self-audit the "Hacker Safe" is more of a methodology and test process than it is a logo.

It's entirely sales-force driven, so they try and sell you the "% of sales growth" that is possible using it, and to business managers that is all they care for.

But when a tech head/project manager gets into a Hacker Safe audit/scanning report, it's really invaluable in the knowledge that you gain from it.

For example, Amazon.com doesn't have to bother; they have billions to spend on their platform. But the average mid-small market ecommerce site that doesn't have the advantage of a full-on security team can leverage the Hacker Safe compliance/audit to catch the "low hanging fruit" and get a grasp of what PCI compliance/auditing/security auditing is all about.

It's just a shame that they sell it and other people conceptualize it as a "Selling tool" vs the auditing tool it really is invaluable for.

I'm sure it may help increase sales (at least prior to this fiasco), but then if it's true the CEO can prove that geeks.com was in violation during the "hack", then it's more power to them and a selling point to do daily audits and stick to the service.

Most "hack" attempts are script kiddies using known vulnerabilities, and Hacker Safe catches that pretty easily, and if you can pass the PCI compliance audits then you're on the way to safeguarding your consumers, which in a way protects the IP of the brand.

It IS stupid to sell it as "Hacker Safe", and they should have branded it as "Compliance Secure" or something to show that they're PCI compliant and have daily security audits to meet that compliance.

HOWEVER, I hope this doesn't turn into any mandates by credit card processors to purchase daily audits vs the ones required now.


Thread source: http://www.webmasterworld.com/webmaster/3542938.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com