All extensions and starter Kits submitted for publication to the ThingWorx Marketplace must go a through a Certification review process. The Certification review has been developed to assess submitted content's viability and its compliance with basic security requirements to ensure that applications published on the Marketplace follow industry best practices, and to promote trust within the ThingWorx ecosystem.
The submitted software artifacts and the user guide will undergo the Certification review. All the other supporting artifacts will be used to understand and validate the software before it is posted.
The certification review process consists of the following:
- Live demonstration
A live demonstration (via conference call) should be provided by the submitter as an introduction of the software functionality to the certification team. Additional conference calls might be needed for clarifications.
- Code review
In addition to the automated scans, we do a manual code review on the source code to detect if there are security flaws in the software and to verify that the proper controls are present and that they work as intended
- Functional verification
We require the submitted software to undergo thorough functional testing to ensure that the stated functional claims are working flawlessly, If the submitter has already performed testing, then they should submit the testing artifacts such as test plan and test results to the Certification team for review. If testing was not performed for any agreeable reason, then, we will conduct functional testing as able. If functionality can not be validated to our satisfaction we will advise of area's of concern so they can be addressed.
- Documentation review
User guide and any other documentation submitted will undergo review to make sure that the information is valid and true and that the documents are written as per ThingWorx standards.
- Virus scanning
The submitted software will go though an automated virus scan to check for potential harmful viruses that could threaten the ThingWorx ecosystem.
- Additional Security and vulnerability reviews
The submitted software will undergo static and/or dynamic code analysis to detect vulnerabilities in the source code.
Upon successful review, offerings will be considered Certified.
Applications offered as a Service (PoweredBy ThingWorx) that are submitted for publication do not undergo the certification process, but will be reviewed in a demo with the ThingWorx Marketplace team and the 3rd party submitting the application for publication.