Technical Design for Zoom OAuth app shareable URL/app submission

We are currently developing a Zoom OAuth app to retrieve a user’s webinars, and registration and participation data that will then sync to that user’s Microsoft Dynamics CRM. Currently we are in the process of trying to get the app published to the marketplace, but first we’re looking to get a shareable Auth URL so that customers can begin creating OAuth connectors in preparation for the JWT deprecation. The response to the shareable Auth URL review was:

“Unfortunately, the application has failed our Security and Privacy Compliance Review as you did not provide supporting evidence to what you attested in the Technical Design section. If you would like to still be considered for Beta, please resubmit your application with the TD and its supporting evidence (documentation of SSDLC, DAST/SAST, security and privacy policy etc.).”

I provided an image showing our SDLC, as well as our current security overview for supporting evidence of SAST/DAST and penetration testing. I’m not sure exactly what is missing as the response is fairly generic as to what supporting evidence in the technical design is actually missing. Is there any way I can get in touch with someone that can walk us through what is needed or what specifically was missing from the documents that needs to be provided?

Hello @bryan.hansen, please email our security team at marketplace.security@zoom.us for answers on this. They do not answer security questions on public forums, especially related to this subject.

Regards, Kwaku