Code must conform to SCE's Cybersecurity Administrative Standard and Secure Coding Standard.

Per these standards:

• All projects are required to perform code scanning
• All 3rd party code or libraries must be reviewed
• Secrets must not be stored in source code.

Unremediated vulnerabilities must be assessed by Cyber Risk.

Critical vulnerabilities may only suppressed with an accepted Cyber Risk exception.

Report security issues by sending a detailed email to cybersecurity@sce.com.