+ Start a Discussion
Mark RootMark Root 

OEM Security Review for non-AppExchange solutions

We are currently an ISV partner but have developed a Force.com OEM solution.  Will the current $2,700 AppExchange Security Review listing process still apply to us or is there some other OEM Security Review we can go through?  We do not intend to list on the AppExchange, because none of our customers use Salesforce, and so where will we be submitting for SR?
Deepak Kumar ShyoranDeepak Kumar Shyoran
Have you tried http://security.force.com/security/tools/forcecom/scanner# this is basic security check for Salesforce to check the quality of code and to find any security issues in your app.
aalbertaalbert
Yes, the Security Review fee is required for your OEM app. You still submit for security review via the Appexchange Publishing Console. That doesn't mean or require you to publically list your app on the appexchange.
Mark RootMark Root
Why is there such a hefty charge for OEMs?  I can understand this if we were advertising our app on the AppExchange but none of our customers are on Salesforce yet and so this would be pointless for us to do.

In developing an industry solution that competes with other ASP.NET and more traditional solutions, we have the potential of bringing on many net new SF customers.  At a starting rate of $25 per user plus 25% of our fee, why should we have to pay an additional $2,700 just to get started?  This was certainly not covered in any of the OEM getting started material we've seen.  Is this a new requirement or something?
Deepak Kumar ShyoranDeepak Kumar Shyoran
Apex- Exchange security review is mandatory when you want to list your application on App-Exchange, but if you don't want your application to be listed on App-Exchange then it's not required that you have to clear those review.
aalbertaalbert
Trust is of the utmost importance to salesforce.com, our customers, and our ISVs. The spirit of requiring a Security Review is to ensure the salesforce.com ecosystem of ISV apps (including OEM apps that aren't sold to existing salesforce.com customers) are secure. That is a good thing for everyone. 

The best resource can be found here: http://security.force.com/security/partners