Security Vulnerability Sample Clauses

The Security Vulnerability clause defines the parties' responsibilities and procedures in the event that a security flaw or weakness is discovered in a product, service, or system covered by the agreement. Typically, this clause outlines the steps for promptly reporting vulnerabilities, the timeframe for addressing and remedying the issue, and any obligations to notify affected users or regulatory authorities. Its core function is to ensure a clear and coordinated response to security threats, thereby minimizing potential harm and allocating responsibility for remediation.
Security Vulnerability. If Supplier becomes aware of a Security Vulnerability in a Deliverable unless otherwise agreed by Supplier and INTESA in writing, Supplier will (i) provide INTESA with an Error Correction and Mitigation within the required time frames for all versions and releases of the Deliverable and (ii) provide INTESA Technical Coordinator (as specified in the PO) a written report with: A) a description of the Security Vulnerability, including the versions and releases of Deliverable affected, and its potential effects, exploits, and risks; and B) the Common Vulnerability Scoring System (CVSS) Base Score for the Security Vulnerability. For a Security Vulnerability that has been publicly disclosed and no Error Correction or Mitigation has been provided to INTESA, Supplier will provide the INTESA Technical Coordinator a planned fix date as soon as reasonably possible after such public disclosure, which must take into account the needs of INTESA. Supplier will use then-current, industry-standard best practices including scanning for security vulnerabilities to help prevent, detect, and correct Security Vulnerabilities in Deliverables (i.e. secure engineering practices and vulnerability management) and provide information on these practices at Buyer’s request. Personal Data, which is a subset of INTESA Materials (and therefore references to INTESA Materials in the Supplier Relationship Agreement, a PO or any other Attachment includes Personal Data), is any information about an identified or identifiable individual. Supplier makes the following ongoing representations and warranties regarding Personal Data:
Security Vulnerability. A “Security Vulnerability” is a set of conditions that leads or may lead to an implicit or explicit failure of the confidentiality, integrity or availability of a system. Security Vulnerabilities include, but are not limited to: (i) Executing commands as another user; (ii) Accessing data in excess of specified or expected permission; (iii) Posing as another user or service within a system; (iv) Causing an abnormal denial of service; (v) destroying data without permission; or (vi) Exploiting an encryption implementation weakness that significantly reduces the time or computation required to recover the plaintext from an encrypted message. Principal shall follow industry-standard software assurance practices (such as standards developed by ▇▇▇▇▇▇▇▇.▇▇▇, ISO or any successor or similar industry organization) to minimize the risk of Security Vulnerabilities being introduced in the Pivotal Software provided to Agent at any point in the product lifecycle. Upon external discovery (including, without limitation, by Agent or one of its customers) of any Security Vulnerability in the Pivotal Software, Principal shall follow industry best practices for handling and responding to vulnerabilities such as ISO Standards 29147 and 30111.
Security Vulnerability an unintended flaw in software code or a system that leaves it open to the potential for exploitation in the form of unauthorized access or malicious behaviour such as viruses, worms, Trojan horses and other forms of malware.
Security Vulnerability. Pivotal shall promptly notify VMware upon learning of a Security Vulnerability, unless under an active embargo. Should VMware then request it, Pivotal shall promptly make available to VMware, with respect to the perceived role or causal significance of the Product in the Security Vulnerability, the following information: (a) a description of what was discovered and the potential scope of risk in plausible settings including versions of the Product impacted; (b) Pivotal’s proposed method for distributing the remedy (e.g., patch, maintenance update, or product version upgrade); and (c) any other relevant information on possible workarounds or mitigating solutions. In addition, Pivotal shall use all reasonable commercial efforts to remedy any security vulnerability that has a CVSS score of 5.7 or higher (see ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇/cvss.cfm?calculator&version=2). Upon discovery by VMware or one of its customers of a Security Vulnerability, Pivotal shall follow industry best practices for handling and responding to vulnerabilities such as the National Infrastructure Advisory Council: Disclosing and Managing Vulnerability Guidelines (▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/xlibrary/assets/vdwgreport.pdf). Pivotal shall make available, upon request, information that outlines Pivotal’s practices for software assurance that minimize the risk of vulnerabilities being introduced in products at any point in the product lifecycle. Further, Pivotal shall have a mechanism for demonstrating the authenticity and integrity of Products provided to VMware (e.g., digitally signing mobile code or distributing product code from a trusted web site). VMware may from time to time request information from its supply chain, including software suppliers such as Pivotal, regarding the products that VMware licenses and purchases. 
VMware may request Pivotal to self-certify that its software and software development practices align with software integrity and security standards developed by ▇▇▇▇▇▇▇▇.▇▇▇ or any successor or similar industry code security and integrity organization. Pivotal agrees to respond promptly and fully to such requests.
Security Vulnerability. Vendor will maintain appropriate processes to identify and correct any weakness in the Website, Intranet or Vendor’s Software, network services, operating system, application and/or at a physical level that could allow a Security Incident to occur (“Security Vulnerability”).

A. A Security Vulnerability will be classified as high, medium and low risk vulnerabilities as follows: (i) High Risk Vulnerability: the existing environment cannot prevent or reduce the likelihood of a Security Incident occurring and the existing deficiency, if exploited, would result in a loss of confidentiality, integrity or availability of Authority Information, the Website and/or the Intranet; (ii) Medium Risk Vulnerability: the existing environment may allow a Security Incident to occur and the existing deficiency, if exploited, would result in a loss of confidentiality, integrity or availability of Authority Information, the Website and/or the Intranet; (iii) Low Risk Vulnerability: the existing environment is likely to prevent or limit the damage from a Security Incident and the existing deficiency, if exploited, is unlikely to result in a loss of confidentiality, integrity or availability of Authority Information, the Website and/or the Intranet.

B. Each Security Vulnerability will require specific response and completion times as follows, which may include Vendor’s use of patches to temporarily resolve an issue after the occurrence:

| Vulnerability Type | Response Time | Work Around Implementation | Final Correction Completion Time |
|---|---|---|---|
| High Risk | One (1) hour | Eight (8) hours | Seven (7) days |
| Medium Risk | One (1) hour | Two (2) days | Two (2) weeks |
| Low Risk | One (1) hour | Two (2) weeks | One (1) month |
Security Vulnerability. In order to maintain the Service as secure as possible, You must not disclose any security vulnerability to any person except the Corporation. As soon as possible upon discovering any issue or problem that may pose a risk to the security or use of the system or to Your Data (or any data of any other user of the Service), You must notify us by contacting us at ▇▇▇▇▇▇.▇▇▇.

Related to Security Vulnerability

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Infrastructure Vulnerability Scanning Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.

  • Security Measures Lessee hereby acknowledges that the rental payable to Lessor hereunder does not include the cost of guard service or other security measures, and that Lessor shall have no obligation whatsoever to provide same. Lessee assumes all responsibility for the protection of the Premises, Lessee, its agents and invitees and their property from the acts of third parties.

  • Security Protocols Both parties agree to maintain security protocols that meet industry standards in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Provider shall maintain all data obtained or generated pursuant to the Service Agreement in a secure digital environment and not copy, reproduce, or transmit data obtained pursuant to the Service Agreement, except as necessary to fulfill the purpose of data requests by LEA.

  • Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § ▇▇-▇▇-▇▇▇ et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.