Security Vulnerabilities Clause Samples

Security Vulnerabilities. We have made architectural choices that make vulnerabilities more difficult to introduce. For example, the identity and privilege level of the remote user is threaded throughout the application, all the way to the datastore, which enforces access rules in a testable, auditable place. The peer-code review process serves as a backstop against intentional or accidental vulnerabilities. We use automated static analysis tools that alert us to potential security problems in the code, and those checks must pass in order for code to get deployed. We have automated tools that monitor for security vulnerabilities in the third-party code dependencies and automatically propose patch updates. We rely on AWS’s mature vulnerability management practice for patching known vulnerabilities at the operating system, virtualization, and hardware layers. We divide our systems into separate environments for development, staging and production. Each environment is an independent domain with respect to network access control, service account credentials, and secrets. No access to the production, staging or development environments is allowed except on known protocols and ports via our front-end load balancers. All access to our services from user devices, or between our client software and our service is protected by TLS version 1.2 or higher. Our public endpoints (for example, ▇▇▇▇▇▇▇.▇▇) receive an A+ rating from Qualys SSL Labs. To minimize the risk of data exposure, Nametag adheres to the principle of least privilege. Employees are only authorized to access data that they reasonably must handle in order to do their job: all engineers have access to their development environments, fewer engineers have access to the staging environment (only those who need access to perform their jobs), and far fewer have access to the production environment. All internal systems require our employees to authenticate with unique user accounts.
All Customer Data is maintained in the State of Ohio, United States (for North America and South America Customer Data) or Ireland or Germany (for European Customer Data). All employees complete mandatory security awareness training once per year. In addition to general resistance to online threats, we teach our staff to resist social engineering attacks through our support channels. All employees are trained in protecting the identities and confidential information of our clients. Although we do not generally handle protected health information (PHI), all...
Security Vulnerabilities. “Security Vulnerability” means any set of conditions that leads or may lead to an implicit or explicit failure of the confidentiality, integrity or availability of the Subscription Service or other offering of ServiceNow, including, by way of example only: (a) executing commands as another user; (b) accessing data in excess of specified or expected permissions; (c) posing as another user or service within a system; (d) causing an abnormal denial of service; (e) inadvertently or intentionally destroying data without permission; or (f) exploiting any encryption implementation weakness (such as to reduce the time or computation required to recover the plaintext from an encrypted message). Immediately upon identification of any Security Vulnerability, Participant shall notify ServiceNow by email to ▇▇▇▇▇▇▇.▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ so that ServiceNow may initiate an investigation. Any such notice and discussions regarding a Security Vulnerability shall be treated as ServiceNow Confidential Information, and ServiceNow shall determine the appropriate remedy for any Security Vulnerability in its sole discretion. Participant shall not disclose any Security Vulnerability to the public, customers, partners or any third party without ServiceNow’s express prior written approval.