Board: Bitcoin Discussion
Topic: Re: TradeHill – Security Update – Round 1 PCI Compliance / Business Verification etc
Post by ius on 30/06/2011, 19:43:55 UTC

Quote
PCI scanning and putting a seal on your website from Trust Guard, Verisign or McAfee doesn't make you immune to all attacks but it is one step towards a safer exchange and something we should have done a long time ago.

At least you acknowledge the uselessness of a seal. Really, it shouldn't be a selling point - every idiot can run nmap/nessus/acunetix ..

Luckily (from Camp BX):
Quote
We were tested for >1,000 known vulnerabilities specific to our platform and services by McAfee Secure

Means you're obviously 43x as secure as they are. ;)

In all seriousness, publishing a report of a manually performed pentest or source code audit (perhaps with selected individuals) would be useful - this is 99% marketing talk like TrustGuard/McAfee sells it to their customers. But it's good to see you're at least informing your clients...