Vulnerabilities. Provider shall have controls in place to identify any security vulnerabilities in the Solutions during development and after release. Provider shall provide Dell written notice of (a) publicly acknowledged vulnerabilities/zero-day exploits within five business days of the public acknowledgement; and (b) internally known yet publicly undisclosed vulnerabilities/zero-day exploits within ten business days of their discovery. Provider commits to remediate all vulnerabilities identified in the Solutions at Provider’s expense, and to remediate vulnerabilities with a base score above 4 as defined by the Common Vulnerability Scoring System in a timeframe commensurate with the risk or as agreed upon with Dell. Provider’s use of open source code shall not alter Provider’s responsibility to identify and remediate vulnerabilities as described here.
Appears in 3 contracts
Sources: Data Protection Agreement, Data Protection Agreement, Data Protection Agreement