Application Programming and Development Standards Sample Clauses

Application Programming and Development Standards. The Contractor shall be responsible for the security and integrity of all applications it develops for deployment by the State. The Contractor must:

1. Conform to applicable industry practice in its application development. All applications must be developed based on secure coding guidelines such as the Open Web Application Security Project Guidelines ("OWASP") Top 10 and the CWE/SANS Top 25 Programming Errors published regularly by the SANS Institute.
2. Use application scanning software and a process to promote the release of secure code at the time such code is put into production.
3. Use commercially reasonable efforts to implement appropriate changes needed as a result of updates published to the guidelines.
4. Adhere to all applicable Standards (State, SOX and PCI DSS) for all Application Development. Should the State request access to any data covered by PCI DSS, then State compliance with PCI DSS requirements is a necessary pre-condition to Contractor compliance.
5. Use commercially reasonable efforts to ensure that the hardware, software and services provided to or purchased by the State from the Contractor are compatible with the principles and goals contained in the electronic and information technology accessibility standards adopted under Section 508 of the Federal Rehabilitation Act of 1973 (29 U.S.C. 794d).
6. Conform to Information Assurance Support Environment (IASE) STIGs Application Security & Development for all major application changes to existing applications and new application development endeavors.