Extensions and integrations go through a security review process to ensure that customer-specific content are developed securely.

In order to avoid introducing a security vulnerability into the Cloud environment code must be written in a secure manner. Ensuring that customer-specific content is developed in a secure manner is the Customer’s responsibility.

In an attempt to mitigate custom code which is not written in a secure manner, all extensions and integrations must go through a security review process. The Security Questionnaire should be filled out by the developer(s) and submitted via email to DCOMacEntSecurityReview@deltek.com for DCO to review. Once the questionnaire has been received, the security team will reach out to the developer(s) within 3 business days to schedule a review meeting.

Deltek has the right to mitigate this risk at Deltek’s discretion, by providing periodic code scanning of custom extensions after they have been deployed. If vulnerabilities are identified by Deltek, they will be reported back to the Customer who is responsible for making the appropriate code corrections.

Note: Extensions should be written as Java Extensions. Although extensions written in MScript are allowed in the Enterprise Cloud, any MScript extensions will not be subjected to Security scanning and are therefore allowed at the Customer’s own risk. The responsibility of ensuring that MScript does not introduce any security vulnerabilities sits with the Customer and is not the responsibility of Deltek.