Common use of Application and System Security Clause in Contracts

Application and System Security. Supplier agrees at all times to provide, maintain and support its software release and subsequent updates, upgrades, and bug fixes such that the software is, and remains secure from those vulnerabilities using applicable and recognized industry practices or standards including: i. The Open Web Application Security Project’s (OWASP) “Top Ten Project” - see ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇; ii. The CWE/SANS Top 25 Programming Errors – see ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/top25/ or ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇/top25-programming-errors/; or iii. Other generally recognized and comparable industry practices or standards. Additionally, Supplier agrees to maintain a secure processing environment, including but not limited to, the timely application of patches, fixes and updates to operating systems and applications as provided by Supplier or open source support.

Application and System Security. Supplier agrees at all times to provide, maintain and support its software release and subsequent updates, upgrades, and bug fixes such that the software is, and remains secure from those vulnerabilities using applicable and recognized industry practices or standards including: i. The Open Web Application Security Project’s (OWASP) “Top Ten Project” - see ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇; ; ii. The CWE/SANS Top 25 Programming Errors – see ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/top25/ or ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇/top25-programming-errors/; or or iii. Other generally recognized and comparable industry practices or standards. Additionally, Supplier agrees to maintain a secure processing environment, including but not limited to, the timely application of patches, fixes and updates to operating systems and applications as provided by Supplier or open source support.