Code Security.
8.2.1. All production code is digitally signed, using trusted third-party Public Key Infrastructure (PKI) services.
8.2.2. As part of ▇▇▇▇▇▇▇’ CI/CD pipeline, code is scanned nightly for vulnerabilities, both third-party and any introduced in ▇▇▇▇▇▇▇ custom code. This scanning is performed using best-in-class Software Composition Analysis (SCA) and Static Application Security Testing (SAST) tools, which allow for deep and thorough analysis as well as continuous vulnerability detection.
8.2.3. Dynamic Application Security Testing (DAST) is executed on live, deployed application instances.
8.2.4. A trusted third-party penetration testing team is contracted to perform continuous penetration testing on the product (including milestones).
8.2.5. Any vulnerabilities discovered are triaged and run through an internal risk assessment, with enforced remediation of all Critical and High vulnerabilities discovered.
Appears in 2 contracts
Sources: Subscription Agreement, Subscription Agreement