So, here is a perfect example showing the idea I shared in my post "Just A Thought on Compliance": the exact quote is "it’s a vendor’s responsibility to make bearing the costs of PCI manageable."
Did he say "it is vendor's role to 'sell stuff' using PCI." God no! He said that vendors will make PCI "bearable" for end-users. A big difference ...
Yes, PCI DSS is "a driver" for vendors to sell security tools AND "a sledgehammer" for end-users to "motivate" their bosses into releasing budget, but the reality is that PCI DSS compliance is a non-trivial challenge for many organizations, and that they need HELP more than they need "being sold to."
And help is on its way...
Possibly related posts: