VPN Haus: Do the new standards leave too much open to merchant's interpretation?
Anton Chuvakin: This is really a $1 million-question and only practice will tell. I think the 2.0 version leave less than before to interpretation. For example, virtualization was a big question mark in many merchants' mind and now it is resolved. Many ot
VPN Haus: Do you think pushing the DSS lifecycle from 24 months to 3 years will stagnate the rate of change? Or will it allow more time to investigate and build support around necessary changes?
Chuvakin: Well, I will side with [PCI General Manager<a href="https://www.pcisecuritystandards.org/organization_info/bob-russo.php"> Bob Russo</a>] on this one: PCI DSS is getting mature enough to not need change that frequently. While some assault the s
See previous interviews VPN Haus did with Chuvakin on PCI compliance here and here.