XaaS                                                     3


            8.3.2   Software security

            When CSN is a cloud content or software developer, the SaaS application environment is required to provide
            mechanisms that assist CSN to ensure that their codes or other components supplied to CSP comply with any
            programming constraints required by the CSP, Besides, the codes or components should not contain malware
            or violate the integrity of CSP's cloud services.

            8.3.3   Software maintainability
            When  CSN  is  a  cloud  software  developer,  the  SaaS  application  environment  is  required  to  support
            mechanisms that assist CSN to provide source codes or other functionality for CSP's system. The source codes
            or functionality are required to contain versioning and other appropriate methods, in order to ensure that
            they can be maintained during the lifetime of the service. These methods include but are not limited to
            providing updates to fix known vulnerabilities, removing dependency on other components with known
            vulnerabilities, and increasing the overall system security.





































































            742