Secure Development. NetDocuments’ Software Development Life Cycle (SDLC) methodology governs the acquisition, development, implementation, configuration, maintenance, modification, and management of software components. NetDocuments developers use secure coding guidelines based on leading industry standards and receive annual secure coding training. For each release, NetDocuments performs a security architecture review and conducts vulnerability scans and dynamic and static code reviews in the development environment. Identified vulnerabilities and coding defects are resolved prior to implementation, and an internal rollout is performed to test and troubleshoot the product release prior to placing it in production. NetDocuments utilizes a code versioning control system to maintain the integrity and security of application source code. Access privileges to the source code repository are reviewed quarterly and limited to authorized employees.
Secure Development. Supplier must implement and follow controls associated with the development, pre-production testing and delivery of any and all Services provided to Juniper Networks. For this section, Software or Hardware means the result of development, design, installation, configuration, production, or manufacture of computing code or devices that support or implement the Services. These secure development practices shall include the following:
Secure Development. Product management, development, test and deployment teams are required to follow secure application development policies and procedures that are aligned to industry-standard practices, such as the OWASP Top 10.
Secure Development. Use secure development and coding standards including secure change management procedures in accordance with industry standards. Perform penetration testing and/or scanning prior to releasing new software versions. Vendor will provide internal standards and procedures to ASU for review upon ASU request. EXHIBIT D – INSURANCE REQUIREMENTS Without limiting any liabilities or any other obligations of Vendor, Vendor will purchase and maintain (and cause its subcontractors to purchase and maintain), until all of their obligations have been discharged, including any warranty periods under this Contract, or are satisfied, insurance against claims for injury to persons or damage to property that may arise from or in connection with the performance of the Services. These insurance requirements are minimum requirements for this Contract and do not limit any indemnity covenants contained in this Contract. ASU does not warrant that these minimum limits are sufficient to protect Vendor from liabilities that might arise out of the performance of the Services by Vendor or the Vendor Parties, and Vendor is free to purchase additional insurance.
Secure Development a) The system shall be engineered following the ‘security by design’ principles.
Secure Development. The Third Party ensures that all software and services developed by the Third Party to provision the Third Party services, including those developed by the Third Party and those provided by others, have been developed following a secure software development lifecycle process which includes industry best practices for achieving and sustaining required security qualities for confidentiality, integrity and availability protection. In addition, software security vulnerabilities (see, for example the OWASP Top Ten or CWE listings) shall be avoided. The expected security measures and controls applied for software provisioning, such as Security Education of the development workforce, Secure Architecture and Design principles, Secure Coding practices, Security Testing methods and tools applied, Security Response to react timely on applicable software vulnerabilities that become known, as well as application security controls embedded and enforced by the software itself, such as identity management, authentication, authorization, encryption etc. shall be adequate to meet relevant business, technology and regulatory risks according to international standards such as ISO/IEC 27034. The Third Party has procedures in place to ensure integrity of software updates and can demonstrate that precautions are taken to ensure that any own or Third Party or open source software used for providing the Third Party services do not contain known backdoors, viruses, trojans or other kind of malicious code.
Secure Development. Use secure development and coding standards including secure change management procedures in accordance with industry standards. Perform penetration testing and/or scanning prior to releasing new software versions. Licensor will provide internal standards and procedures to the University for review upon the University’s request.
Secure Development. Code complexity increases the chance of security issues. CDD Solutions makes use of internal code reviews, linting tools, code security tools and automated tests to ensure the quality of the code, so it can be extended and maintained effectively. CDD Solutions strives to keep software dependencies up to date to mitigate the risk of security vulnerabilities. Development environments are password protected and encrypted using full disk encryption. CDD Solutions’ code repositories are protected using two-factor authentication. Passwords are stored securely in a password manager.
Secure Development. Third Party shall establish and maintain a secure development lifecycle (“SDL”) methodology to govern the acquisition, development, implementation, configuration, maintenance, modification, and management of infrastructure and software components. Third Party shall also limit access privileges to these source code repositories to authorized employees only.
Secure Development. Data Importer maintains a secure development program that includes measures such as secure coding practices; use of industry-standard practices to mitigate and protect against vulnerabilities; separate coding environments; source code vulnerability scanning; pre-release source code and application testing; and review of any open source of third-party code prior to its use.
