Introduction
Application vulnerabilities account for the largest portion of attack vectors besides malware. It is crucial that any application is assessed for vulnerabilities and any vulnerabilities are remediated prior to production deployment.
Security incidents of any kind must be immediately communicated to all related parties.
Purpose of the Policy
The purpose of this policy is to define application security assessments within Alpha Serve. Application assessments are performed to identify potential or realized weaknesses as a result of inadvertent misconfiguration, weak authentication, insufficient error handling, sensitive information leakage, etc. Discovery and subsequent mitigation of these issues will limit the attack surface of Alpha Serve products and services, as well as satisfy compliance with any relevant policies in place.
Scope of the Policy
This policy covers all application security assessments for the purposes of maintaining the security posture, compliance, risk management, and change control of technologies in use at Alpha Serve.
All application security assessments will be performed by personnel either employed or contracted by Alpha Serve. All findings are considered confidential and are to be distributed to persons on a “need to know” basis. Distribution of any findings outside of Alpha Serve is strictly prohibited unless approved by the Chief Executive Officer.
This policy must be adhered to by all Alpha Serve employees or temporary workers at all locations and by contractors working with Alpha Serve as subcontractors.