Common use of Application Development Clause in Contracts

Application Development.

▪ The application and associated databases must validate all input.
▪ Implement safeguards against attacks (e.g. sniffing, password cracking, defacing, backdoor exploits).
▪ Protect the data by using a least privilege and a defense-in-depth layered strategy to compartmentalize the data.
▪ Handle errors and faults by always failing securely without providing non-essential information during error handling.
▪ Log data to support general troubleshooting, audit trail investigative requirements, and regulatory requirements, with support for centralized monitoring where appropriate.
▪ Built-in security controls – built-in access controls, security auditing features, fail-over features, etc.
▪ Prevent buffer overflows.
▪ Avoid arithmetic errors.
▪ Implement an error handling scheme. Error messages should not provide information that could be used to gain unauthorized access.
▪ Test data used during development must be non-production simulated data.
▪ Implement protocols (TCP/IP, HTTP, etc.) without deviation from standards.

Appears in 1 contract

Sources: Data Processing and Security Agreement
