SAP Security Notes
Recently SAP simplified the way to find out about potential security issues related to the our software. You can find any related notes by going to the top of the service marketplace support portal.
Go to http://service.sap.com/securitynotes and then you can click on “Display SAP Security Notes” to get a pretty extensive list.
You can also use the Service Marketplace options to subscribe to this information, so you will see it automatically using an RSS reader.
SAP Point of Sale
A colleague mentioned to me that SAP had posted a security note that could affect some users of SAP Point of Sale. In summary, it looks like a handful of retailers may be using functionality that could lead to a PCI DSS issue for them. I recommend that you check the service marketplace for details, and take appropriate action.
To find it, you can look at the security notes as mentioned above, or search for note # 1403618 which is for IS-R-TGM-POS. The note was released November 18th, 2009.
The good news is that the issue doesn’t affect everyone, but its definitely worth having a look at. Also, there is a straightforward solution.
PCI Standard Revision Underway
It looks like the PCI Security Standards Council is revising the specifications again. The review process has started for PCI DSS 1.2. It may be worthwhile to learn more on the evolution of the standard so that you are prepared.
To learn more, I encourage you to visit the PCI SSC web site: https://www.pcisecuritystandards.org/
Hopefully these will not be substantial changes, but as always, it pays to stay informed.