Common use of Security of All Software Components Clause in Contracts

Security of All Software Components. Supplier will inventory all software components (including open source software) used in Deliverables and provide such inventory to Umlaut upon request. Supplier will assess whether any such components have any security defects or vulnerabilities that could lead to a Security Incident. Supplier will perform such assessment prior to providing Umlaut with access to such software components and on an on-going basis thereafter during the term of this PO/agreement. Supplier will promptly notify Umlaut of any identified security defect or vulnerability and remediate same in a timely manner. Supplier will promptly notify Umlaut of its remediation plan. If remediation is not feasible in a timely manner, Supplier will replace the subject software component with a component that is not affected by a security defect or vulnerability and that does not reduce the overall functionality of the Deliverable(s).