-
Notifications
You must be signed in to change notification settings - Fork 0
/
END USER LICENSE AGREEMENT.txt
91 lines (46 loc) · 24.2 KB
/
END USER LICENSE AGREEMENT.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
1. DEFINITIONS
1.1 Software is the products produced by Practical Security Analytics LLC.
1.2 Content Updates means content used by Practical Security Analytics LLC which is updated from time to time, including but not limited to updated vulnerability signatures for vulnerability assessment products and exploits for penetration testing products.
1.3 Documentation is the media describing the Software and how to use it. Documentation includes, but is not limited to user and system administrator guides, manuals, specifications, and features.
1.4 Order means Practical Security Analytics LLC’s order form or other ordering document signed or referenced by Customer or its authorized reseller which identifies the specific Software and/or Services ordered, the Volume Limitations, and the price agreed upon by the parties.
1.5 Software Term is the period in which Customer is authorized to utilize the Software. Each Software Term shall be listed on the customer's account and shall commence on the date of purchase of the Software.
1.6 Volume Limitations is the capacity indicated on the Order Form, including, as applicable, number of assets, applications, data, plugins, and named individual users of the Software.
2. SOFTWARE LICENSES
2.1 License to Products. During the Software Term, Practical Security Analytics LLC grants a Customer a non-exclusive, non-transferable, non-sublicensable right to use and access the Software and Content: (i) solely for Customer’s internal business purposes; (ii) within the Volume Limitations; and (iii) as described in this Agreement. The parties also agree to be bound by any further license restrictions set forth on the Order Form.
2.2 Evaluation Licenses. If Customer’s license is an Evaluation Only License, then the Software Term is indefinite, or the evaluation term specified on the Order Form, whichever is shorter. Customer may not utilize the Software, Content, Documentation, or any other copyright work for commercial use under the Evaluation License. Practical Security Analytics LLC may revoke Customer’s Evaluation License at any time and for any reason. Sections 4 (Limited Warranty) and 9.1 (Indemnification) shall not be applicable to any Evaluation License.
2.3 Use by Affiliates. Subject to the Volume Limitations, Customer may make the Software available to its Affiliates under these terms, provided that Customer is liable for any breach of this Agreement by any of its Affiliates. “Affiliate(s)” means any entity now existing that is directly or indirectly controlled by Customer. For purposes of this definition “control” means the direct possession of a majority of the outstanding voting securities of an entity.
2.4 Restrictions. The Software may only be used for the legal purposes penetration testing, investigation, threat emulation, identification of security vulnerabilities in order to advance the security or safety of devices, machines, or networks of those who use them. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the Software, or merge the Software into another program; (ii) resell, rent, lease, or sublicense the Software or access to it, including use of the Software for timesharing or service bureau purposes; (iii) circumvent or disable any security or technological features or measures in the Software; nor (iv) use the Software in order to build a competitive product or service, for competitive analysis, or to copy any ideas, features, functions, or graphics of the Software. Customer is responsible for its employees’ compliance with this Agreement. If Customer identifies a vulnerability in the Software, all information and analysis regarding the vulnerability must be disclosed to Practical Security Analytics LLC via email to [email protected].
2.5 Ownership of Software. Practical Security Analytics LLC retains all right, title, and interest in and to the Documentation, Software, Content and in all copies, modifications and derivative works thereto including, without limitation, all rights to patent, copyright, trade secret, trademark, and other proprietary or intellectual property rights.
2.6 Customer Systems. Customer represents and warrants that it has the appropriate authorizations from the owner of the networks, systems, IP addresses, assets, and/or hardware on which it deploys the Software or Content, or which it targets, scans, monitors, or tests with the Software.
3. FEES AND PAYMENT TERMS
3.1 If Customer is purchasing the Software through a Practical Security Analytics LLC authorized reseller, then the fees shall be as set forth between Customer and reseller and the applicable fees shall be paid directly to the reseller and Section 3.2 shall not apply.
3.2 Customer agrees to pay the fees, charges, and other amounts in accordance with the Order Form from the date of invoice. All fees are nonrefundable, unless otherwise stated herein. Customer shall be responsible for remitting all taxes levied on any transaction under this Agreement, including, without limitation, all federal, state, and local sales taxes, levies and assessments, and local withholding taxes in Customer’s jurisdiction, if any, excluding, however, any taxes based on Practical Security Analytics LLC's income. In the event Customer is required to withhold taxes from its payment or withholding taxes are subsequently required to be paid to a local taxing jurisdiction, Customer is obligated to pay such tax, and Practical Security Analytics LLC as applicable, will receive the Order Form payment amount as agreed to net of any such taxes. Customer shall provide to Practical Security Analytics LLC written evidence that such withholding tax payment was made.
4. LIMITED WARRANTY
4.1 Software Warranty. Practical Security Analytics LLC provides the Software to you "AS IS" and without warranty and you hereby indemnify Practical Security Analytics LLC for your use of the Software. You are not entitled to any hard copy documentation, maintenance, support or updates for the Software. PRACTICAL SECURITY ANALYTICS LLC EXPRESSLY DISCLAIMS ALL WARRANTIES RELATED TO THE SOFTWARE, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. FURTHER, PRACTICAL SECURITY ANALYTICS LLC DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE USE OF THE SOFTWARE OR RELATED DOCUMENTATION IN TERMS OF THEIR CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO PORTIONS OF THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.
4.2 Disclaimer. PRACTICAL SECURITY ANALYTICS LLC DOES NOT REPRESENT THAT THE SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, OR WILL MEET CUSTOMER’S REQUIREMENTS. EXCEPT FOR THE WARRANTY ABOVE, PRACTICAL SECURITY ANALYTICS LLC MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. PRACTICAL SECURITY ANALYTICS LLC MAKES NO WARRANTY THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BY USE OF THE SOFTWARE OR THAT FALSE POSITIVES WILL NOT BE FOUND.
5. LIMITATION OF LIABILITY
5.1 Exclusion of Certain Damages. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE.
5.2 Limitation on Amount of Liability. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER TO PRACTICAL SECURITY ANALYTICS LLC HEREUNDER DURING THE TWELVE MONTHS IMMEDIATELY PRIOR TO THE EVENT GIVING RISE TO LIABILITY, EXCEPT THAT THE LIMITATION IN THIS SECTION 5.2 SHALL NOT APPLY TO: (I) VIOLATIONS OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS BY THE OTHER PARTY; OR (II) A PARTY’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT.
6. VOLUME LIMITATIONS
6.1 Usage Verification. Customer understands and acknowledges that the Software may track and/or enforce its Volume Limitations. Additionally, upon Practical Security Analytics LLC’s written request, such request not to exceed once every six months, Customer shall provide Practical Security Analytics LLC with a signed certification verifying that the Software is being used in accordance with this Agreement. In addition to the foregoing, at Practical Security Analytics LLC’s written request, Customer will permit Practical Security Analytics LLC to review and verify Customer’s records, deployment, and use of the Software for compliance with the terms and conditions of this Agreement, at Practical Security Analytics LLC’s expense. Any such review shall be scheduled at least ten days in advance, shall be conducted during normal business hours at Customer’s facilities, and shall not unreasonably interfere with Customer’s business activities.
6.2 Overscanning. In the event that the Service is used in excess of the Volume Limitations, following a reasonable notification period Customer shall be liable for, and Practical Security Analytics LLC reserves the right to invoice for, the fees for such excess usage at Practical Security Analytics LLC’s then current list rates, or as otherwise set forth on the Order Form, notwithstanding the limitation on liability in Section 5.2 of this Agreement.
7. CONFIDENTIALITY
7.1 Confidential Information. “Confidential Information” means information provided by one party to the other party which is designated in writing as confidential or proprietary, as well as information which a reasonable person familiar with the disclosing party’s business and the industry in which it operates would know is of a confidential or proprietary nature. A party will not disclose the other party’s Confidential Information to any third party without the prior written consent of the other party, nor make use of any of the other party’s Confidential Information except in its performance under this Agreement. Each party accepts responsibility for the actions of its agents or employees and shall protect the other party’s Confidential Information in the same manner as it protects its own Confidential Information, but in no event with less than reasonable care. The parties expressly agree that the terms and pricing of this Agreement are Confidential Information. A receiving party shall promptly notify the disclosing party upon becoming aware of a breach or threatened breach hereunder and shall cooperate with any reasonable request of the disclosing party in enforcing its rights.
7.2 Exclusions. Information will not be deemed Confidential Information if such information: (i) is known prior to receipt from the disclosing party, without any obligation of confidentiality; (ii) becomes known to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving party without use of the disclosing party’s Confidential Information. The receiving party may disclose Confidential Information pursuant to the requirements of applicable law, legal process or government regulation, provided that, unless prohibited from doing so by law enforcement or court order, the receiving party gives the disclosing party reasonable prior written notice, and such disclosure is otherwise limited to the required disclosure.
8. TERM & TERMINATION
8.1 The Software Term will automatically renew for an additional one year term at the rate listed on the applicable Order Form unless (i) otherwise indicated on the Order Form or (ii) either party provides the other with written notice of its election not to renew at least 30 days prior to the anniversary date. Any renewal will be invoiced at the rate indicated on the applicable Order Form. In connection with any renewal term, Practical Security Analytics LLC reserves the right to change the rates, applicable charges and usage policies and to introduce new charges for any subsequent Subscription Term, upon providing Customer written notice thereof (which may be provided by e-mail) at least 60 days prior to the end of the applicable term.
8.2 This Agreement or an Order Form may be terminated: (i) by either party if the other party is adjudicated as bankrupt, or if a petition in bankruptcy is filed against the other party and such petition is not discharged within sixty days of such filing; or (ii) by either party if the other party materially breaches this Agreement or the Order Form and fails to cure such breach to such party’s reasonable satisfaction within thirty days following receipt of written notice thereof. Customer’s license to use the Software shall terminate upon the expiration of the applicable Software Term. Upon any termination of this Agreement or an Order Form by Practical Security Analytics LLC, all applicable licenses are revoked and Customer shall immediately cease use of the applicable Software and certify in writing to Practical Security Analytics LLC within thirty days that Customer has destroyed or returned to Practical Security Analytics LLC such Software and all copies thereof. Termination of this Agreement or a license granted hereunder shall not relieve Customer of its obligation to pay all fees that have accrued, have been paid, or have become payable by Customer hereunder. All provisions of this Agreement which by their nature are intended to survive the termination of this Agreement shall survive such termination.
9. INDEMNIFICATION
9.1 By Practical Security Analytics LLC. Practical Security Analytics LLC will indemnify, defend, and hold harmless Customer from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys' fees) arising out of a third party claim that the Software infringes or misappropriates any intellectual property right of such third party. Notwithstanding the foregoing, in no event shall Practical Security Analytics LLC have any obligations or liability under this Section arising from: (i) use of any Software in a manner not anticipated by this Agreement or in combination with materials not furnished by Practical Security Analytics LLC; or (ii) any content, information or data provided by Customer or other third parties. If the Software is or is likely to become subject to a claim of infringement or misappropriation, then Practical Security Analytics LLC will, at its sole option and expense, either: (i) obtain for the Customer the right to continue using the Software; (ii) replace or modify the Software to be non-infringing and substantially equivalent to the infringing Software; or (iii) if options (i) and (ii) above cannot be accomplished despite the reasonable efforts of Practical Security Analytics LLC, then Practical Security Analytics LLC may terminate Customer’s rights to use the infringing Software and will refund pro-rata any prepaid fees for the infringing portion of the Software. THE RIGHTS GRANTED TO CUSTOMER UNDER THIS SECTION 9.1 SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY ALLEGED INFRINGEMENT BY THE SOFTWARE OF ANY PATENT, COPYRIGHT, OR OTHER PROPRIETARY RIGHT.
9.2 By Customer. Customer will indemnify, defend, and hold harmless Practical Security Analytics LLC from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys' fees) arising out of a third party claim regarding Customer's: (i) use of the Software in violation of applicable law; or (ii) breach of the representation and warranty made in Section 2.7 and 10.4 of this Agreement.
10. GENERAL PROVISIONS
10.1 Miscellaneous. This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Delaware (for customers located in North America), or England & Wales (for customers located outside of North America), each excluding its respective choice of law provisions and each party consents and submits to the jurisdiction and forum of the state and federal courts in the State of Delaware (for customers located in the United States) or London, England (for customers located outside the United States) for all questions and controversies arising out of this Agreement and waives all objections to venue and personal jurisdiction in these forums for such disputes; (b) this Agreement, along with the accompanying Order Form(s) constitute the entire agreement and understanding of the parties hereto with respect to the subject matter hereof and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement and each Order Form may not be modified except by a writing signed by each of the parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality, or unenforceability shall not affect any other provisions of this Agreement, but rather this Agreement shall be construed as if such invalid, illegal, or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Practical Security Analytics LLC's advance written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon and shall enure to the benefit of the parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; (h) nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer’s own clients, customers, or employees; (i) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement; (j) terms in an Order Form have precedence over conflicting terms in this Agreement, but have applicability only to that particular Order Form; and (k) this Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
10.2 Export. Each party acknowledges that the export, re-export, deemed export, and import of the Software and Documentation by Customer and Practical Security Analytics LLC is subject to certain laws, rules, executive orders, directives, arrangements, and regulations of the United States and of other countries. Each party agrees to comply with all applicable laws with respect to the exportation, importation, and use of the Software and Documentation.
10.3 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which a party may be entitled hereunder, at law or equity, each party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.
10.4 Relationship of the Parties. Practical Security Analytics LLC and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.
10.5 US Government Restricted Rights. This Section applies to all acquisitions of the Software or Services by or for the US federal government, or by any prime contractor or subcontractor (at any tier) under any contract, grant, cooperative agreement, or other activity with the federal government for the Government’s end use. The Software and Services are “commercial items” as that term is defined at FAR 2.101. If Customer is an Executive Agency (as defined in FAR 2.101) of the U.S. Federal Government (“Government”), Practical Security Analytics LLC provides the Software and Services, including any related technical data and/or professional services in accordance with the following: If a right to access the Software and Services is procured by or on behalf of any Executive Agency (other than an Executive Agency within the Department of Defense (DoD)), the Government is granted, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to Practical Security Analytics LLC’s customers as such rights are described in this Agreement. If a right to access the Software and Services is procured by or on behalf of any Executive Agency within the DoD, the Government is granted, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software that are customarily provided to Practical Security Analytics LLC’s customers as such rights are described in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data provided by Practical Security Analytics LLC to an Executive Agency within the DoD. Note, however, that Subpart 227.72 does not apply to computer software or computer Service documentation acquired under GSA schedule contracts. Except as expressly permitted under this Agreement, no other rights or licenses are granted to the Government. Any rights requested by the Government and not granted under this Agreement must be separately agreed in writing with Practical Security Analytics LLC. This Section 10.6 of the Agreement is in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Software and Services.
10.6 Force Majeure. Other than payment obligations hereunder, neither party will be liable for any inadequate performance to the extent caused by a condition that was beyond the party's reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government intervention), except for mere economic hardship, so long as the party continues to use commercially reasonable efforts to resume performance.
10.7 No Reliance. Customer represents that it has not relied on the availability of any future version of the Software or any future product or service in executing this Agreement or purchasing any Software hereunder.
10.8 Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party's legal department and primary point of contact, and (ii) notice will be deemed given: (a) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (b) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices to Practical Security Analytics LLC must be sent to [email protected].
10.9 Publicity. Customer acknowledges that Practical Security Analytics LLC may use Customer’s name and logo for the purpose of identifying Customer as a customer of Practical Security Analytics LLC products and/or services. Practical Security Analytics LLC will cease using Customer’s name and logo upon written request.
10.10 Compliance with Law. Each party agrees to comply with all applicable federal, state and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.