The PCI DSS is demonstrably becoming a de facto standard of due care for any organization responsible for the privacy and integrity of data. The increased focus on application security in the latest revisions of the PCI DSS can be traced directly to many of the recent high profile breaches, where insecure applications have proved to be the point of access for hackers, and the source of data loss.

Download this white paper, focusing on the growing industry understanding about the impact of insecure applications on data privacy and discussing in detail:
Requirement 3: Protect stored cardholder data - Applications play a critical role in the task of protecting cardholder data in its stored state, particularly through the proper implementation of appropriate access control and cryptography.
Requirement 6: Develop and maintain secure systems and applications - This requirement will be considered a "best practice" until June 30, 2008, at which point it becomes a requirement.
These requirements, in particular, make application security a cornerstone of the PCI compliance effort and the drive to protect cardholder data.