Common use of Patching Clause in Contracts

Patching. 14.1 The Supplier must, and must ensure that Subcontractors, treat any public releases of patches for vulnerabilities as follows: (a) the Supplier must patch any vulnerabilities classified as “critical”: (i) if it is technically feasible to do so, within 5 Working Days of the public release; or (ii) if it is technical feasible to patch the vulnerability but not technically feasible to do so as required by Paragraph 14.1(a)(i), then as soon as reasonably practicable after the public release; (b) the Supplier must patch any vulnerabilities classified as “important”: (i) if it is technically feasible to do so, within 1 month of the public release; or (ii) if it is technical feasible to patch the vulnerability but not technically feasible to do so as required by Paragraph 14.1(b)(i), then as soon as reasonably practicable after the public release; (c) the Supplier must remedy any vulnerabilities classified as “other” in the public release: (i) if it is technically feasible to do so, within 2 months of the public release; or (ii) if it is technical feasible to remedy the vulnerability but not technically feasible to do so as required by Paragraph 14.1(c)(i), then as soon as reasonably practicable after the public release; (d) where it is not technically feasible to patch the vulnerability, the Supplier must implement appropriate technical and organisational measures to mitigate the risk posed by the vulnerability.

Patching. 14.1 6.1 The Supplier must, and must ensure that Subcontractors, treat any public releases of patches for vulnerabilities as follows: (a) the Supplier must patch any vulnerabilities classified as “critical”: (i) i. if it is technically feasible to do so, within 5 Working Days of the public release; or (ii) . if it is technical feasible to patch the vulnerability but not technically feasible to do so as required by Paragraph 14.1(a)(i17.1(a)(i), then as soon as reasonably practicable after the public release; (b) the Supplier must patch any vulnerabilities classified as “important”: (i) i. if it is technically feasible to do so, within 1 month of the public release; or (ii) . if it is technical feasible to patch the vulnerability but not technically feasible to do so as required by Paragraph 14.1(b)(i17.1(b)(i), then as soon as reasonably practicable after the public release; (c) the Supplier must remedy any vulnerabilities classified as “other” in the public release: (i) i. if it is technically feasible to do so, within 2 months of the public release; or (ii) . if it is technical feasible to remedy the vulnerability but not technically feasible to do so as required by Paragraph 14.1(c)(i17.1(c)(i), then as soon as reasonably practicable after the public release; (d) where it is not technically feasible to patch the vulnerability, the Supplier must implement appropriate technical and organisational measures to mitigate the risk posed by the vulnerability.

Patching. 14.1 17.1 The Supplier must, and must ensure that Subcontractors, treat any public releases of patches for vulnerabilities as follows: (a) 17.1.1 the Supplier must patch any vulnerabilities classified as “"critical”": (i) if it is technically feasible to do so, within 5 Working Days of the public release; or (ii) if it is technical feasible to patch the vulnerability but not technically feasible to do so as required by Paragraph 14.1(a)(i17.1.1(i), then as soon as reasonably practicable after the public release; (b) 17.1.2 the Supplier must patch any vulnerabilities classified as “"important”": (i) if it is technically feasible to do so, within 1 month of the public release; or (ii) if it is technical feasible to patch the vulnerability but not technically feasible to do so as required by Paragraph 14.1(b)(i17.1.2(i), then as soon as reasonably practicable after the public release; (c) 17.1.3 the Supplier must remedy any vulnerabilities classified as “"other” " in the public release: (i) if it is technically feasible to do so, within 2 months of the public release; or (ii) if it is technical feasible to remedy the vulnerability but not technically feasible to do so as required by Paragraph 14.1(c)(i17.1.3(i), then as soon as reasonably practicable after the public release;; or (d) 17.1.4 where it is not technically feasible to patch the vulnerability, the Supplier must implement appropriate technical and organisational measures to mitigate the risk posed by the vulnerability.