A typical developer experience of ‘being compliant’ usually means (vertically) reading through some guidelines or watching a presentation, before going back to coding features and focusing on creating software that customers will use and love. Everyone retains what they can in the moment (and tries to do the right thing at all times), but compliance guidelines – especially those surrounding security best practice – are not typically written with developers as the target audience, and any required actions can be unclear. In that scenario, it’s all too easy to just stay on-task with current objectives.
The thing is, secure software development is no longer a “nice to have” in any company; it is (or should be) front-of-mind in every organization, and if a company is holding vast amounts of sensitive customer information, it is ripe for the picking when it comes to cyberattacks.
Read the no-nonsense guide to getting your development team on-board with PCI-DSS compliance