Development and Maintenance.

4.1 Poppulo will take appropriate measures to ensure that Poppulo’s software development programme is governed by a well-documented and implemented Software Development Life Cycle (SDLC) that incorporates secure coding and application security testing best practices, such as those consistent with the Open Web Application Security Project (OWASP).

4.2 Poppulo will not release software or provide any services to the Customer with known Critical or High vulnerabilities, as defined by the Forum of Incident Response and Security Teams Common Vulnerability Scoring System (FIRST CVSS) Qualitative rating scale. Applications or services developed or provided by Poppulo and utilised by the Customer will be regularly scanned by Poppulo for vulnerabilities and patched in a timeframe that is consistent with Poppulo's then-current vulnerability management standards.
Sources: Master Services Agreement, Master Services Agreement