Application Vulnerability Assessment. Provider will perform application security vulnerability assessments prior to any release and on a recurring basis. The assessments must cover all web application, mobile application, stand-alone application, embedded software, and firmware vulnerabilities defined by the Open Web Application Security Project (OWASP) or those listed in the SANS Top 25 Software Errors or its successor current at the time of the test. Provider will ensure all critical and high-risk vulnerabilities are remediated prior to release. On a recurring basis, Provider shall ensure that emergency/critical vulnerabilities are addressed urgently and as soon as practicable within fourteen (14) days; high-risk vulnerabilities are addressed within thirty (30) days; and medium-risk vulnerabilities are addressed within ninety (90) days. This applies to web application, mobile application, stand-alone application, embedded software, and firmware development as appropriate to the Agreement. In the event that Provider Services include application vulnerability management for applications owned by Accenture or its client, Provider shall document and implement an application vulnerability assessment and remediation plan that is to be approved by Accenture.