Common use of Secure Software Development Clause in Contracts

Secure Software Development. Cvent shall maintain processes to identify, evaluate and address risks to the development of its software solutions. Cvent shall maintain an independent test/development environment, separate from production computing resources, for any testing of new software and/or changes to existing software. Production data will not be used for software testing and development purposes unless sanitized and deemed necessary for any intended testing that needs to be performed; all efforts will be made to first utilize mock/test data. Cvent maintains a change control process for application changes pushed to production computing environments. Changes shall require approvals and specific tasks to be performed, including: Development, Code Review, Testing, Approval of Changes, and Documentation of Changes. Cvent requires all software developers to undergo training on secure coding practices in line with OWASP Top 10 guidelines.