Common use of Software Deliverables Clause in Contracts

Software Deliverables. To the extent that Supplier is providing software, including software development services as set forth in a Schedule for JPMC, Supplier shall demonstrate the maturity of controls in its development process by providing JPMC with applicable documentation and/or artifacts that the following software development controls are in place for the scope of the Deliverables being provided to JPMC hereunder which may include, to the extent agreed in the Schedule, the following: (i) security requirements in the requirements phase of the software development life cycle; (ii) application architectural framework(s) designed for resiliency; (iii) static code analysis during development; (iv) dynamic scanning in the quality assurance or build process; (v) manual penetration testing, and (vi) security vulnerability management. If Supplier is unable to provide any of the documentation or artifacts described above, then before Supplier delivers any Deliverable to a JPMC Entity or a Recipient, the following shall be required: (x) a dynamic scan of Supplier’s developed code in a JPMC quality assurance environment, or (y) a third party provided scan of the binaries in a run time environment (the cost of such scan to be at Supplier’s sole cost and expense).