APPLICATION AND SOFTWARE SECURITY Sample Clauses

APPLICATION AND SOFTWARE SECURITY. Zscaler agrees that its Product(s) will, at a minimum, incorporate the following: a) Zscaler uses third party auditors at least annually, to conduct automated (i.e., SAST, DAST and SCA) and manual security (i.e., penetration testing) assessments to ensure the Product codebase contains no known exploitable conditions classified as ‘Critical/Very High’ or ’High’, or otherwise captured on the OWASP Top 10 or SAN Top 25 lists. b) Zscaler agrees to provide, maintain and support its software and subsequent updates, upgrades, and bug fixes, such that the software is, and remains secure from Common Software Vulnerabilities in accordance with its product end of life (EOL) and end of sale (EOS) policy. c) Zscaler agrees to provide updates and patches to remediate security vulnerabilities based on severity by CVSSv3 score and will work to remediate any known zero-day exploits without undue delay. In case of critical vulnerabilities, Zscaler will deploy mitigation with urgency upon discovering the issue and push out a patch without undue delay thereafter depending on risk level post mitigation.

APPLICATION AND SOFTWARE SECURITY. 2.1 In addition to Counterparty's other obligations under the Agreement, including without limitation, Counterparty's confidentiality and security obligations, Counterparty shall maximize the security of Software according to the terms of this Schedule. 2.1.1 Counterparty will, at no additional cost to Company, develop secure Software via a Secure By Design approach. For purposes of this Schedule "Secure By Design" means that the Software minimizes security flaws based upon security principles and practices that include: