Common use of Security Vulnerability Clause in Contracts

Security Vulnerability. If Supplier becomes aware of a Security Vulnerability in a Deliverable, unless otherwise agreed by Supplier and INTESA in writing, Supplier will (i) provide INTESA with an Error Correction and Mitigation within the required time frames for all versions and releases of the Deliverable and (ii) provide the INTESA Technical Coordinator (as specified in the PO) a written report with: A) a description of the Security Vulnerability, including the versions and releases of the Deliverable affected, and its potential effects, exploits, and risks; and B) the Common Vulnerability Scoring System (CVSS) Base Score for the Security Vulnerability. For a Security Vulnerability that has been publicly disclosed and no Error Correction or Mitigation has been provided to INTESA, Supplier will provide the INTESA Technical Coordinator a planned fix date as soon as reasonably possible after such public disclosure, which must take into account the needs of INTESA. Supplier will use then-current, industry-standard best practices, including scanning for security vulnerabilities, to help prevent, detect, and correct Security Vulnerabilities in Deliverables (i.e., secure engineering practices and vulnerability management) and provide information on these practices at Buyer’s request. Personal Data, which is a subset of INTESA Materials (and therefore references to INTESA Materials in the Supplier Relationship Agreement, a PO or any other Attachment include Personal Data), is any information about an identified or identifiable individual. Supplier makes the following ongoing representations and warranties regarding Personal Data:

Appears in 2 contracts

Sources: General Terms and Conditions, General Terms and Conditions