At the RSA Conference yesterday I was reminded of The Three Stigmata of Palmer Eldridge, a science-fiction book by Phillip K. Dick.
This book describes a dystopian future in which people escape into fantasy worlds through the help of the hallucinogenic drug CAN-D. One catch with using CAN-D is that you need to build a toy version of the fantasy world that you want to escape into.
Eventually the interstellar explorer Palmer Eldridge returns to Earth with CHEW-Z, an alternative to CAN-D that doesn’t require people to build the toy version of the fantasy worlds. One trade-off with CHEW-Z is that Palmer Eldridge appears in all of the fantasy worlds created by it.
After that, the story starts to get weird.
Now at the RSA Conference this year, almost every vendor was claiming that it was impossible to be PCI compliant without using their product. Some of these vendors were selling things that clearly had no connection to complying with the PCI DSS.
This seemed a bit odd.
Until I remembered reading Eldridge.
Suppose someone from the PCI SSC somehow visited Proxima Centauri and returned with an alien technology that they could somehow use to generate lots of interest in information security technologies, but with the side-effect that the PCI DSS would appear in the marketing message of every vendor. That might explain some of what I saw at the RSA Conference this year. And it’s just as likely to be true as some of the claims that vendors were making at the show.
(Standard disclaimer: no, this is not meant to be serious. So if you're thinking of reporting to the PCI SSC that I'm suggesting that they're providing hallucinogenic drugs to people, please don't waste their time. But on the Internet you need to make these things explicit, don't you?)