3rd Party App Int. into a Solution who should be accountable for Security

Home Forums Technology 3rd Party App Int. into a Solution who should be accountable for Security

This topic contains 0 replies, has 1 voice, and was last updated by  Destiny Olivas 2 months, 2 weeks ago.

  • Author
    Posts
  • #288286

    Destiny Olivas
    Participant

    3rd Party App Integration into a Solution who should be accountable for Security?
    We have contracted with a a vendor to implement a solution (A Tax system). One of the features of the solution is to build a public facing website. We asked the vendor before we signed the contract to list all 3rd party applications that are integrated into their tool. Nothing was disclosed.
    Now we have found that the vendor plans to use DotNetNuk (DNN) to build the website. We like DNN as a tool but it is open source and we are a conservative government agency. The vendor is willing to amend the contract language so they would work with DNN if there is a problem, and partner with us if there was a security breach. My management team wants the vendor to be fully accountable if there is a security breach because of DNN. The vendor says it is “unheard of” for a company to warrant any company’s tool even if it is integrated into their solution.
    Have you had experience dealing with this situation? What are your thoughts about who is right.

You must be logged in to reply to this topic.