Category: PCI DSS Requirement 6
Develop and maintain secure systems and applications.
PCI DSS Requirement 6 states that systems and applications require careful development and regular maintenance, so that they are not only developed securely from the ground up but also regularly patched with updates provided by their developers. This ensures that systems and applications do not expose vulnerabilities that could be exploited by malicious individuals or hackers, who target these systems to ultimately steal sensitive cardholder data such as credit and debit card details. In addition, malware often makes use of known (or in some cases unknown) vulnerabilities, automating the exploitation of unpatched vulnerabilities to gain privileged access to the Cardholder Data Environment.