Hello,
Our customer asked a few questions to avoid taking the penetration test.
- Can we learn about SSDLC or SOC certification so that the product is COTS and exempt from source code and penetration testing?
- Can evidence be presented against Common Criteria or SOC 2 Type 2 or higher certifications?
Is there a certificate that we can submit as evidence for these?