Newer Version Available

This content describes an older version of this product. View Latest

Periodic Re-Reviews

We conduct periodic re-reviews for solutions listed on AppExchange. Re-reviews ensure that solutions continue to help safeguard against the latest security vulnerabilities.

When you upgrade a managed package version of a solution that passed security review, you don’t have to go through the full review process again. Submit the upgrade for review and it’s automatically approved. You can immediately associate the new version to your AppExchange listing.

The automated review isn’t the only security review of your upgraded solution. 6 months to 2 years after the solution is listed, we review the new version. This periodic re-review includes automated and manual tests. The actual timing depends on the potential risk of the solution.

To determine which listed solutions are due for re-review, we run risk-factor reports. If your solution shows significant change, it’s likely that we conduct a re-review. When the time comes, we contact you to make arrangements. We also reserve the right to conduct random security pen tests on your solution throughout the year.

There’s no additional cost for re-reviews. These reviews are included in the security review fee paid at original submission of your solution.

If we find that your solution no longer meets our enterprise security standards, we notify you and provide a timeline to remedy the issues. In extreme cases, we pull the AppExchange listing from public viewing. Before you can relist it for distribution, you must fix the security issues and submit it for a follow-up review.