The PCI Secure Software framework has been updated, emphasizing third-party libraries, security best practices, and developer education as key areas for compliance. Many companies struggle with developer security education, often spending money on tools but neglecting to teach developers about security. Automation tools such as Snyk can help bridge this gap by providing regular vulnerability management, testing, and mitigation. Deliveroo's use of Snyk enables them to meet PCI-DSS requirements, including ensuring that all systems and software are protected from known vulnerabilities. As the new rules take effect, future iterations will likely focus on open source dependencies, making it essential for companies to ensure that their security practices in this area are robust.