|
|
|
|
|
|
by mrclark411
3317 days ago
|
|
|
Thanks. I also see that the security requirements are quite high. While its difficult to argue with source code security - here are some of the security requirements: The standard annual risk assessment shall include, to the best of Developer's ability, the following: (i) SOC 1 and/or SOC 2 audit report;
(ii) 3rd party proof of PCI compliance (a certificate showing Developer's handling of credit card payments is compliant);
(iii) Privacy Shield Attestation;
(iv) ISO Certification or Cloud Security Alliance Self-Assessment;
(v) Cloud Security Self Assessment;
(vi) any information on subcontractor or vendor production datacenter(s), IaaS, PaaS, or private hosting providers, as required by GitHub based on data and services rendered; and
(vii) Written responses and evidence of specific security requirements as outlined in this agreement https://help.github.com/articles/github-marketplace-develope... The GitHub Marketplace will be an exclusive place for a while with those requirements. |
|
|