Common use of Vulnerability Management Clause in Contracts

Vulnerability Management. Vendor shall ensure that all Vendor assets, systems or software used to store, process, transmit or maintain Confidential Information are protected from known, discovered, documented, and/or reported vulnerabilities to external threats to functionalities or security by installing applicable and necessary security patches within a reasonable timeframe. As a baseline for reasonableness, Vendor must, at least, provide critical security patches immediately, high security patches within 1 month of release, medium security patches within 60 days, and low security patches within 90 days. Security patch severity will be categorized using the Common Vulnerability Scoring System and the timeframes begin upon the earlier to occur of: (a) the date Customer notifies Vendor of a vulnerability; (b) the date Vendor becomes aware of the vulnerability; or (c) the date the vulnerability is published with Common Vulnerabilities and Exposures.

Appears in 5 contracts

Samples: Master Purchase Agreement for Services, Master Purchase Agreement for Services, Master Purchase Agreement for Services
