Software Development Lifecycle. For supplies that include software development, the Vendor shall establish a Secure Software Development process.
(i) adopt a Secure Software Development Lifecycle approach according to well-known standards, such as IEC 62443 4-1. A certification is expected.
(ii) provide evidence that identified security requirements and corresponding security controls are designed and implemented into the software.
(iii) ensure that appropriate security tests including but not limited to static and dynamic code checks and continuous vulnerability assessment are applied in the development and integration pipelines and any issues uncovered are remediated before software release; and
(iv) allow Customer and/or its agents to carry out Vulnerability Assessments of the developed software. If any vulnerability with a risk score of “high” or “critical” is found by the Customer, the Vendor shall take action to mitigate the risks before the software release.
Appears in 1 contract
Sources: Purchase Agreement
Software Development Lifecycle. For work that includes software development, the Vendor shall:
(i) adopt a Secure Software Development Lifecycle approach according to well-known standards, such as IEC 62443 4-1. A certification is expected.
(ii) provide evidence that identified security requirements and corresponding security controls are designed and implemented into the software.
(iii) ensure that appropriate security tests including but not limited to static and dynamic code checks and continuous vulnerability assessment are applied in the development and integration pipelines and any issues uncovered are remediated before software release; and
(iv) allow Customer and/or its agents to carry out Vulnerability Assessments of the developed software. If any vulnerability with a risk score of “high” or “critical” is found by the Customer, the Vendor shall take action to mitigate the risks before the software release.