Application and System Security. Supplier agrees at all times to provide, maintain and support its software release and subsequent updates, upgrades, and bug fixes such that the software is, and remains secure from those vulnerabilities using applicable and recognized industry practices or standards including:
Application and System Security. Supplier agrees to engage in, at a minimum annually, external application penetration testing and/or Service Organization Control audits. Supplier agrees to provide, maintain and support software releases and subsequent updates, upgrades, and bug fixes free from known vulnerabilities applicable to the products utilized by the Supplier by adhering to generally recognized industry best practices and standards in Section C.16.a. of this Addendum.