Security Vulnerability Sample Clauses

Security Vulnerability. If Supplier becomes aware of a Security Vulnerability in a Deliverable unless otherwise agreed by Supplier and INTESA in writing, Supplier will (i) provide INTESA with an Error Correction and Mitigation within the required time frames for all versions and releases of the Deliverable and (ii) provide INTESA Technical Coordinator (as specified in the PO) a written report with: A) a description of the Security Vulnerability, including the versions and releases of Deliverable affected, and its potential effects, exploits, and risks; and B) the Common Vulnerability Scoring System (CVSS) Base Score for the Security Vulnerability. For a Security Vulnerability that has been publicly disclosed and no Error Correction or Mitigation has been provided to INTESA, Supplier will provide the INTESA Technical Coordinator a planned fix date as soon as reasonably possible after such public disclosure, which must take into account the needs of INTESA. Supplier will use then-current, industry-standard best practices including scanning for security vulnerabilities to help prevent, detect, and correct Security Vulnerabilities in Deliverables (i.e. secure engineering practices and vulnerability management) and provide information on these practices at Buyer’s request. Personal Data, which is a subset of INTESA Materials (and therefore references to INTESA Materials in the Supplier Relationship Agreement, a PO or any other Attachment includes Personal Data), is any information about an identified or identifiable individual. Supplier makes the following ongoing representations and warranties regarding Personal Data:
Security Vulnerability. A “Security Vulnerability” is a set of conditions that leads or may lead to an implicit or explicit failure of the confidentiality, integrity or availability of a system. Security Vulnerabilities include, but are not limited to: (i) Executing commands as another user; (ii) Accessing data in excess of specified or expected permission; (iii) Posing as another user or service within a system; (iv) Causing an abnormal denial of service; (v) destroying data without permission; or (vi) Exploiting an encryption implementation weakness that significantly reduces the time or computation required to recover the plaintext from an encrypted message. Principal shall follow industry-standard software assurance practices (such as standards developed by XXXXXxxx.xxx, ISO or any successor or similar industry organization) to minimize the risk of Security Vulnerabilities being introduced in the Pivotal Software provided to Agent at any point in the product lifecycle. Upon external discovery (including, without limitation, by Agent or one of its customers) of any Security Vulnerability in the Pivotal Software, Principal shall follow industry best practices for handling and responding to vulnerabilities such as ISO Standards 29147 and 30111.
Security Vulnerability an unintended flaw in software code or a system that leaves it open to the potential for exploitation in the form of unauthorized access or malicious behaviour such as viruses, worms, Trojan horses and other forms of malware.
Security Vulnerability. Pivotal shall promptly notify VMware upon learning of a Security Vulnerability, unless under an active embargo. Should VMware then request it, Pivotal shall promptly make available to VMware, with respect to the perceived role or causal significance of the Product in the Security Vulnerability, the following information: (a) a description of what was discovered and the potential scope of risk in plausible settings including versions of the Product impacted; (b) Pivotal’s proposed method for distributing the remedy (e.g., patch, maintenance update, or product version upgrade); and (c) any other relevant information on possible workarounds or mitigating solutions. In addition, Pivotal shall use all reasonable commercial efforts to remedy any security vulnerability that has a CVSS score of 5.7 or higher (see xxxx://xxx.xxxx.xxx/cvss.cfm?calculator&version=2). Upon discovery by VMware or one of its customers of a Security Vulnerability, Pivotal shall follow industry best practices for handling and responding to vulnerabilities such as the National Infrastructure Advisory Council: Disclosing and Managing Vulnerability Guidelines (xxxx://xxx.xxx.xxx/xlibrary/assets/vdwgreport.pdf). Pivotal shall make available, upon request, information that outlines Pivotal’s practices for software assurance that minimize the risk of vulnerabilities being introduced in products at any point in the product lifecycle. Further, Pivotal shall have a mechanism for demonstrating the authenticity and integrity of Products provided to VMware (e.g., digitally signing mobile code or distributing product code from a trusted web site). VMware may from time to time request information from its supply chain, including software suppliers such as Pivotal, regarding the products that VMware licenses and purchases. 
VMware may request Pivotal to self-certify that its software and software development practices align with software integrity and security standards developed by XXXXXxxx.xxx or any successor or similar industry code security and integrity organization. Pivotal agrees to respond promptly and fully to such requests.
Security Vulnerability. In order to maintain the Service as secure as possible, You must not disclose any security vulnerability to any person except the Corporation. As soon as possible upon discovering any issue or problem that may pose a risk to the security or use of the system or to Your Data (or any data of any other user of the Service), You must notify us by contacting us at Xxxxxx.xxx.
Security Vulnerability. Vendor will maintain appropriate processes to identify and correct any weakness in the Website, Intranet or Vendor’s Software, network services, operating system, application and/or at a physical level that could allow a Security Incident to occur (“Security Vulnerability”).

A. A Security Vulnerability will be classified as high, medium and low risk vulnerabilities as follows: (i) High Risk Vulnerability: the existing environment cannot prevent or reduce the likelihood of a Security Incident occurring and the existing deficiency, if exploited, would result in a loss of confidentiality, integrity or availability of Authority Information, the Website and/or the Intranet; (ii) Medium Risk Vulnerability: the existing environment may allow a Security Incident to occur and the existing deficiency, if exploited, would result in a loss of confidentiality, integrity or availability of Authority Information, the Website and/or the Intranet; (iii) Low Risk Vulnerability: the existing environment is likely to prevent or limit the damage from a Security Incident and the existing deficiency, if exploited, is unlikely to result in a loss of confidentiality, integrity or availability of Authority Information, the Website and/or the Intranet.

B. Each Security Vulnerability will require specific response and completion times as follows, which may include Vendor’s use of patches to temporarily resolve an issue after the occurrence:

| Vulnerability Type | Response Time | Work Around Implementation | Final Correction Completion Time |
| --- | --- | --- | --- |
| High Risk | One (1) hour | Eight (8) hours | Seven (7) days |
| Medium Risk | One (1) hour | Two (2) days | Two (2) weeks |
| Low Risk | One (1) hour | Two (2) weeks | One (1) month |

Related to Security Vulnerability

  • Vulnerability Management. BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Security Measures. Lessee hereby acknowledges that the rental payable to Lessor hereunder does not include the cost of guard service or other security measures, and that Lessor shall have no obligation whatsoever to provide same. Lessee assumes all responsibility for the protection of the Premises, Lessee, its agents and invitees and their property from the acts of third parties.

  • Security Protocols. Both parties agree to maintain security protocols that meet industry standards in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Provider shall maintain all data obtained or generated pursuant to the Service Agreement in a secure digital environment and not copy, reproduce, or transmit data obtained pursuant to the Service Agreement, except as necessary to fulfill the purpose of data requests by LEA.

  • Security Safeguards. Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.

  • Abuse and Neglect of Children and Vulnerable Adults: Abuse Registry. Party agrees not to employ any individual, to use any volunteer or other service provider, or to otherwise provide reimbursement to any individual who in the performance of services connected with this agreement provides care, custody, treatment, transportation, or supervision to children or to vulnerable adults if there has been a substantiation of abuse or neglect or exploitation involving that individual. Party is responsible for confirming as to each individual having such contact with children or vulnerable adults the non-existence of a substantiated allegation of abuse, neglect or exploitation by verifying that fact through (a) as to vulnerable adults, the Adult Abuse Registry maintained by the Department of Disabilities, Aging and Independent Living and (b) as to children, the Central Child Protection Registry (unless the Party holds a valid child care license or registration from the Division of Child Development, Department for Children and Families). See 33 V.S.A. §4919(a)(3) and 33 V.S.A. §6911(c)(3).

  • Safeguarding and Protecting Children and Vulnerable Adults. The Supplier will comply with all applicable legislation and codes of practice, including, where applicable, all legislation and statutory guidance relevant to the safeguarding and protection of children and vulnerable adults and with the British Council’s Child Protection Policy, as notified to the Supplier and amended from time to time, which the Supplier acknowledges may include submitting to a check by the UK Disclosure & Barring Service (DBS) or the equivalent local service; in addition, the Supplier will ensure that, where it engages any other party to supply any of the Services under this Agreement, that that party will also comply with the same requirements as if they were a party to this Agreement.

  • Security System. The site and the Work area may be protected by limited access security systems. An initial access code number will be issued to the Contractor by the County. Thereafter, all costs for changing the access code due to changes in personnel or required substitution of contracts shall be paid by the Contractor and may be deducted from payments due or to become due to the Contractor. Furthermore, any alarms originating from the Contractor’s operations shall also be paid by the Contractor and may be deducted from payments due or to become due to the Contractor.

  • Security Standards. The Provider shall implement and maintain commercially reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect Student Data from unauthorized access, destruction, use, modification, or disclosure, including but not limited to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the Student Data (a "Security Breach"). For purposes of the DPA and this Exhibit G, "Security Breach" does not include the good faith acquisition of Student Data by an employee or agent of the Provider or LEA for a legitimate educational or administrative purpose of the Provider or LEA, so long as the Student Data is used solely for purposes permitted by SOPPA and other applicable law, and so long as the Student Data is restricted from further unauthorized disclosure.

  • Data Encryption. Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.

  • Encryption. The Fund acknowledges and agrees that encryption may not be available for every communication through the System, or for all data. The Fund agrees that Custodian may deactivate any encryption features at any time, without notice or liability to the Fund, for the purpose of maintaining, repairing or troubleshooting the System or the Software.
