We created an account-level app and sent a request for review.
We answered No to the question “Do you have a secure software development process (SSDLC)?”, but the request was declined for the reason below.
Thank you for providing us with the completed Technical Design section and supporting evidence. Unfortunately, the App has failed our Security and Privacy Compliance Review. We are unable to approve the app in its current state as the evidence that was submitted is not sufficient to support approval. In reviewing the content and information you shared, the TDD submission indicated that you have a Secure SDLC process, conduct vulnerability scans (SAST/DAST), and perform ongoing pen testing for your application. However, the SSDLC evidence uploaded doesn’t fulfill our requirement for a formal SSDLC and SAST/DAST evidence. The proof of SSDLC must incorporate your entire development process from requirements to production and be widely acknowledged by your team. For the SAST/DAST, screenshots of the scan output will suffice. And for the third-party pentest, we expect to see the report from the vendor (cover page and overall findings summary will work). Also, per our policies the app cannot be reviewed without the English translation of your evidence. Please resubmit the evidence with its English translation and we can continue to review your application. Thank you for choosing Zoom! Please let us know if you have any questions.
Why are we being asked to submit SSDLC evidence?
We can provide ID if needed.