
PSS-02 Identification of Vulnerabilities of the Cloud Service

> Control Description
>
> The Cloud Service Provider applies appropriate measures to check the cloud service for vulnerabilities which might have been integrated into the cloud service during the software development process. The procedures for identifying such vulnerabilities are part of the software development process and, depending on a risk assessment, include the following activities:
>
> - Static Application Security Testing;
> - Dynamic Application Security Testing;
> - Code reviews by the Cloud Service Provider's subject matter experts; and
> - Obtaining information about confirmed vulnerabilities in software libraries provided by third parties and used in their own cloud service.
>
> The severity of identified vulnerabilities is assessed according to defined criteria and measures are taken to immediately eliminate or mitigate them.
>
> Additional criteria: The procedures for identifying such vulnerabilities also include annual code reviews or security penetration tests by qualified external third parties.
