So what are my ideas on fixing the ASV process? Modify The ASV Program The conditions that drove the ASV process originally made sense. Vulnerability scanning tools were predominately open source …
Source: pciguru.wordpress.com
Could not have agreed more. The ASV requirement is very loose and relies on a methodology which really never gets reviewed by the QSA. As long as the QSA sees that a methodology exists, they accept it. The actual requirements have to be dictated with more clarity.