Once again, some meddling children have discovered an obscure bug in SSL that could mean a data leakage. So I (and umpteen million other people) are suddenly not compliant woth the PCI DSS (payment card industry data security standard) and I have to update my software.
This time, it went easily. I downloaded, compiled and installed the latest version of SSL, recompiled apache, restarted apache, got the server retested and all is now cool. We're compliant. I would guess that 99% of all other servers, are not compliant, I would further guess that more than 90% won't be compliant by Christmas.
If it weren't for those meddling children, I would never have known.
And oh what fun! Version 3.0 of the PCI DSS will go into effect on January 1 2015.
Meanwhile, back in reality. A Verizon report says that in 2013, 89% of companies are not PCI DSS compliant.