I would personally love to see and read through the responses to this inquiry by the FTC. I am hopeful a public record matrix is provided. This type of information and the changes that come from a public forum discussion are invaluable to the cause of better security patch management for mobile devices.
The PCI DSS process is about to get more complicated and compliance is going to be harder to obtain – and frankly that’s a good thing. Moving compliance efforts closer to real security efforts benefits the protection of data. Making compliance something to obtain, and not simply purchase, will create ownership and buy-in in the compliance process. Buy-in often leads to understanding which in turn can lead to valuing the effort and target outcome.
I look forward to seeing a few more teeth added to the PCI DSS, even if it takes the creation of a little kicking and screaming by the FTC.