Open Source PCI-DSS
Review of custom code prior to release to production or customers in order to identify any potential coding vulnerability
Note: This requirement for code reviews applies to all custom code (both internal and public-facing), as part of the system development life cycle required by PCI DSS Requirement 6.3. Code reviews can be conducted by knowledgeable internal personnel or third parties. Web applications are also subject to additional controls, if they are public facing, to address ongoing threats and vulnerabilities after implementation, as defined at PCI DSS Requirement 6.6.