This paper discusses the overlap between compliance and software security. At first glance, this overlap is limited to the specific software security requirements posed in standards such as the PA-DSS. In practice, however, software security and IT compliance are deeply intertwined.