Application Security. The ISP will require that in-house application development be governed by a documented secure software development life cycle methodology, which will include deployment rules for new applications and changes to existing applications in live production environments.
Application Security. Zoom must have an established software development lifecycle for the purpose of defining, acquiring, developing, enhancing, modifying, testing or implementing information systems. Zoom must ensure that web-based and mobile applications used to store, receive, send, control or access Customer Data are monitored, controlled and protected.
Application Security. Contractor must maintain and support its software and subsequent upgrades, updates, patches, and bug fixes such that the software is, and remains secure from known vulnerabilities.
Application Security. The software development for the Medallia Experience Cloud follows a secure lifecycle, including source code management and appropriate reviews.
Application Security. Reveal uses Xxxxxx.xxx to detect and block in real time attacks such as XSS, SQL Injections, Identity Theft etc. We also use Cloudflare to protect our services from Distributed Denial of Service (DDoS) attacks.
Application Security. ● The Hubilo development team is trained on OWASP Secure Coding Practices and uses industry best practices for building secure applications. · The Hubilo security team conducts Whitebox testing on each code release and they also do Blackbox testing on third-party software to mitigate risk. Apart from this Hubilo also performs code scanning using Sonarqube in QA environment. Hubilo Security team uses Burp Suite Professional software to test for all vulnerabilities from time to time as per Hubilo policies and procedures. ● Hubilo code is stored in a code repository system hosted by our cloud data centre provider. Hubilo adopts a strict, least access privileges principle for access to the code. Commits to production code are strictly reviewed, and approval is restricted to just CTO/Sr. VP of Engineering / Lead-DevOps, (after passing Unit Testing and QA in Test and Staging). ● The data stored on production servers is accessible only to the CTO/Sr. VP of Engineering/ Lead-DevOps of the org. No other workforce member of Hubilo has access to customer data unless access permission is granted by the CTO/Sr. VP of Engineering to resolve any technical issue or for debugging. ● The Hubilo production environment is logically segregated from the staging and development environment with concepts of virtual private cloud and subnets. There is an hourly backup of the database data at secured cloud storage of cloud service provider (AWS). ● Connection to the Hubilo web-app via HTTPS by using the latest version of Transport Layer Socket (TLS) like TLS 1.2+ and above.
Application Security. Genesys’ application security program is based on the Microsoft Security Development Lifecycle (SDL) to secure product code. The core elements of this program are manual code reviews, threat modelling, static code analysis, dynamic analysis, and system hardening.
Application Security. Unless specified otherwise NH is not responsible for keeping applications, like but not limited to WordPress, Magento, Drupal, XenForo and vBulletin, with the latest patches and security updates. These updates and patches are the responsibility of the customer.
Application Security. Druva shall at all times develop, provide, maintain and support Cloud Services and the Software and subsequent updates, upgrades and bug fixes such that the Cloud Services and the Software remain secure from those vulnerabilities as described in The Open Web Application Security Project's (OWASP) "Top Ten Project" and other generally recognized and comparable web application security standards.
Application Security. Supplier shall provide, maintain, and support any of its software and systems provided or used in connection with the services or products under the Agreement and subsequent updates, upgrades, and bug fixes such that they are and remain secure from vulnerabilities, utilizing recognized and comparable industry practices or standards as set forth in paragraph 9 below. Data Security - Without limiting Supplier’s confidentiality obligations or other obligations to protect data and other information of Company or its Affiliates, including any Personal Information, under the Agreement or this DSA, Supplier shall store all Personal Information in accordance with industry best practices and in compliance with all applicable laws, and use security measures, including, but not limited to, encryption and firewalls, to protect such Personal Information from unauthorized disclosure or use. Such measures shall be no less rigorous than those measures maintained by Supplier for its own data of a similar nature. When Supplier stores Personal Information in a third-party’s offsite facility, Supplier must have complied with the terms of this DSA related to disclosing Personal Information to third parties or otherwise subcontracting services or products to third parties and shall only use a third party’s offsite storage facility that is otherwise reasonably acceptable to Company, without limiting the foregoing, the facility of a third party that is in full compliance with all of the provisions of this Appendix. Data storage - Any and all Personal Information will be stored, processed, and maintained solely on designated Supplier computing and storage resources, and that no Personal Information will at any time be processed on or transferred to any portable or laptop computing device or any portable storage medium, unless that device or storage medium is in use as part of the Supplier's designated backup and recovery processes and encrypted in accordance with paragraph 6 below. Supplier shall store all backup Personal Information as part of its designated backup and recovery processes. Data Transmission - Any and all electronic transmission or exchange of Personal Information with Company and/or any third parties shall take place via secure means (using HTTPS or SFTP or equivalent) and solely in accordance with paragraph 6 below. Data Encryption - Supplier agrees that any and all Personal Information stored on any portable or laptop computing device or any portable storage med...
