I’m building a Zoom app. Before I publish it on the Marketplace, I want to enable it for a few of my company’s alpha-testing partners.
For this I’m selecting the “Request to share this app outside this account” option during my Marketplace submission.
How many of the technical / security requirements are necessary before doing this stage? From my attempted submissions, the following issues have been raised:
- Evidence of enforcing secure coding practice based on industry standards like OWASP
- Evidence of DAST (Dynamic Application Security Test)
- Evidence of 3rd Party Application penetration testing. If available, how often and what
- Evidence of published privacy and security policy
- Evidence of Vulnerability management policy or procedure
- Evidence of infrastructure/dependency management policy or procedure for patching systems and updating dependencies
- Evidence of an incident management process or procedure
I just wanted to verify if all of these are necessary at this stage, as, for example, comprehensive 3rd-party pen testing can be expensive / time-consuming to set up, and I would want to verify that we are doing so through a vendor / certification that Zoom accepts.