Synopsys logo

Service Evaluation Terms

These NTT Security AppSec Solutions Inc. dba WhiteHat Security (“WhiteHat”) Service Evaluation Terms (these “Evaluation Terms”) apply to any Services which shall consist of WhiteHat’s application vulnerability scanning services that include the associated software and access to WhiteHat’s hosted software application (the “Services”) that you (“You” or “Evaluator”) will receive from WhiteHat directly or through its authorized reseller partner (“Partner”) for evaluation purposes.
Evaluator acknowledges and agrees that Evaluator has read, understood and agreed to the terms and conditions of these Evaluation Terms. IF YOU DO NOT AGREE WITH ALL THE TERMS, CONDITIONS AND LIMITATIONS OF THESE EVALUATION TERMS, YOU ARE NOT AUTHORIZED TO RECEIVE THE SERVICES. WRITTEN APPROVAL IS NOT A PREREQUISITE TO THE VALIDITY OR ENFORCEABILITY OF THESE EVALUATION TERMS AND NO SOLICITATION OF ANY SUCH WRITTEN APPROVAL BY OR ON BEHALF OF WHITEHAT SHALL BE CONSTRUED AS AN INFERENCE TO THE CONTRARY. WHITEHAT’S ACCEPTANCE IS EXPRESSLY CONDITIONAL ON EVALUATOR’S ASSENT TO THESE EVALUATION TERMS TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER BY WHITEHAT, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.

1. LICENSE FOR SERVICES / EVALUATOR RESPONSIBILITIES

1.1 During the Term (as defined in Section 2 below) and subject to the terms and conditions of these Evaluation Terms, WhiteHat shall provide to Evaluator a limited, non-exclusive, non-transferable license to use and access the Services for Evaluator’s Applications (as defined in Section 1.2) set forth in the Service Order (as defined in Section 1.3 below), only in accordance with the documentation supplied by WhiteHat.

1.2 For the purposes of this Evaluation Agreement, a (i) Web Application, (ii) Source Application – Single Branch and (iii) Source Application – Multiple Branch, shall have the meanings set forth below and shall collectively be referred to as an “Application” or “Applications”.
(a) Web Application. A “Web Application” means a group of related host names and one set of user login credentials. Evaluator will provide to WhiteHat in writing the host names representing the Web Applications to be tested by the Services.
(b) Source Application – Single Branch. A “Source Application – Single Branch” is defined as one main branch with one version of the same application.
(c) Source Application – Multiple Branch. A “Source Application – Multiple Branch” is defined as multiple branches of up to five (5) versions of the same application. Applications must share at least 80% of their code base to be considered versions of the same application.

1.3 The Services provided by WhiteHat to Evaluator for evaluation may be set forth in an applicable Service Order. A Service Order is (i) any ordering documentation for the Services for evaluation by Evaluator (e.g. a statement of work, order form, service order, etc.) and (ii) where Evaluator is requesting an evaluation of the Services through a WhiteHat portal, an email confirmation from WhiteHat accepting Evaluator’s request and describing the Services to be provided and evaluated (a “Service Order”). A Service Order is an integral part of these Evaluation Terms and is fully incorporated herein.

1.4 Evaluator acknowledges and agrees that (i) it is Evaluator’s sole responsibility to update and maintain the Application(s), including without limitation, fixing any security vulnerability revealed by the Services and Reports (ii) the Reports, including any remedial measures or source code provided therein which may address vulnerabilities, are not guaranteed by WhiteHat and (iii) it is Evaluator’s sole responsibility to test, vet and confirm that any such remedial measures are appropriate for Evaluator’s purposes. Evaluator further acknowledges and agrees that Evaluator’s use of the Services does not render or guarantee that the Applications will be invulnerable or free from unauthorized access. Evaluator further acknowledges and agrees that Evaluator’s use of the Services starts on the Effective Date defined in the Service Order and the Evaluator is responsible for providing all configuration data (host names, user accounts, etc.) needed to perform the Services. Failure to provide configuration data does not release Evaluator from any responsibility in these Evaluation Terms. Evaluator acknowledges and agrees that Evaluator’s and its users’ use of the Services is dependent upon access to telecommunications and Internet services. Evaluator shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required for its access and use of the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing. WhiteHat shall not be responsible for any loss or corruption of data, lost communications, or any other loss or damage of any kind arising from any such telecommunications and Internet services.

2. TERM AND TERMINATION. Unless otherwise agreed to between the parties, these Evaluation Terms shall commence on the later of (i) the date WhiteHat begins providing the Services and (ii) the Effective Date listed on the Service Order (the “Effective Date”), and shall continue for the term set forth on the Service Order, or as extended in writing by WhiteHat (email notification of extension is acceptable) (the “Term”), unless earlier terminated as set forth herein. WhiteHat may, at its option, terminate these Evaluation Terms immediately if Evaluator (i) fails to comply with any terms and conditions of these Evaluation Terms or (ii) uses the Service(s) other than as authorized herein. Sections 3-7 shall survive termination or expiration of these Evaluation Terms.

3. PROPRIETARY RIGHTS

3.1 Applications. Evaluator hereby grants WhiteHat the right to access, use, assess and test the Application(s) in order to perform the Services for the Application(s) on behalf of Evaluator. Evaluator acknowledges and agrees that WhiteHat’s access and use of the Application(s) when providing the Services, is not subject to any “Terms of Use” or other terms or conditions that may be posted on, linked or otherwise provided with, the Application(s). Evaluator represents that it is either the owner of the Application(s) or has the authority to permit WhiteHat to provide the Services for the Application(s). Evaluator shall provide WhiteHat adequate written evidence thereof upon WhiteHat’s request. In the event the Applications are owned by a third party, Evaluator shall indemnify WhiteHat for any claims against WhiteHat that arise from WhiteHat accessing such Applications to provide the Services.

3.2 Restrictions. Evaluator shall not: (a) copy or otherwise reproduce, whether in whole or in part, the Services or software associated therewith; (b) modify or create any derivative work of the Services or software associated therewith; (c) sell, rent, loan, license, sublicense, distribute, assign or otherwise transfer the Services or software associated therewith; (d) cause or permit the disassembly, decompilation or reverse engineering of the Services or software associated therewith or otherwise attempt to gain access to the source code to the Services or software associated therewith; or (e) cause or permit any third party to do any of the
foregoing.

3.3 Reservation of Rights. Each party reserves all rights not expressly granted in these Evaluation Terms and no licenses are granted by either party to the other party under these Evaluation Terms except as expressly stated in this paragraph, whether by implication, estoppel or otherwise. WhiteHat owns and retains all right, title and interest (including all intellectual property rights) in and to the Services and associated software and materials, including any modifications or improvements thereof and to all data generated by performing the Services. WhiteHat hereby grants Evaluator a non-exclusive, irrevocable, perpetual, royalty free right and license to use the WhiteHat intellectual property contained in any (i) data reports generated by the Services for the Application(s) that contain the results of the tests performed by the Services, or (ii) remedial measures recommended by WhiteHat (collectively the “Reports”) for any legal purpose.

4. No Warranty. WHITEHAT PROVIDES THE SERVICES “AS IS” AND MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, WITH RESPECT TO THE SERVICES, REPORTS OR ANY OTHER RELATED DATA OBTAINED FROM THE DATA, AND SPECIFICALLY DISCLAIMS ANY WARRANTY OF AVAILABILITY, ACCURACY, RELIABILITY, USEFULNESS, ANY IMPLIED WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, TITLE OR FITNESS FOR A PARTICULAR PURPOSE AND ANY CONDITION OR WARRANTY ARISING FROM COURSE OF PERFORMANCE, DEALING OR USAGE OF TRADE.

5. LIMITATION OF LIABILITY. IN NO EVENT SHALL WHITEHAT HAVE ANY LIABILITY TO EVALUATOR OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR ANY LOST OPPORTUNITY, DATA OR PROFITS, OR THE COSTS OF PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES, ARISING OUT OF THESE EVALUATION TERMS, OR ANY EXHIBIT, SCHEDULE OR ADDENDUM THERETO, UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY (INCLUDING NEGLIGENCE OR OTHER TORT), WHETHER OR NOT WHITEHAT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL WHITEHAT’S AGGREGATE LIABILITY HEREUNDER FOR ANY CAUSE OF ACTION OR THEORY OF LIABILITY EXCEED ONE THOUSAND DOLLARS ($1,000.00). WHITEHAT SHALL NOT BE RESPONSIBLE FOR ANY MATTER BEYOND ITS REASONABLE CONTROL.

6. CONFIDENTIALITY. By virtue of these Evaluation Terms, the parties may have access to each other’s Confidential Information. “Confidential Information,” as used in these Evaluation Terms, means any written, machine-reproducible and/or visual materials that are clearly labeled as proprietary, confidential, or with words of similar meaning, and all information that is orally or visually disclosed, if not so marked, if it is identified as proprietary or confidential at the time of its disclosure or in a writing provided within thirty (30) days after disclosure. Confidential Information does not include information that: (a) is now, or hereafter becomes, through no act or failure to act on the part of the receiving party, generally known or available to the public; (b) was acquired by the receiving party before receiving such information from the disclosing party and without restriction as to use or disclosure; (c) is hereafter rightfully furnished to the receiving party by a third party, without restriction as to use or disclosure; or (d) is information which the receiving party can document was independently developed by the receiving party without use of the disclosing party’s Confidential Information.
Neither party shall disclose any of the other party’s Confidential Information to any third party or use such Confidential Information for any purpose other than to (i) perform its obligations or exercise its rights under these Evaluation Terms; or (ii) as otherwise required by law. Each party shall use the same measures to protect the Confidential Information of the other party as it uses with respect to its own confidential information of like importance, but in no event shall it use less than reasonable care, including, instructing its employees, vendors, agents, consultants and independent contractors of the foregoing and requiring them to be bound by appropriate confidentiality agreements. If a party is required to disclose by law Confidential Information of the other party, such party shall use best efforts to give the other party reasonable advance notice of such required disclosure. WhiteHat reserves the right to disclose the terms and conditions of these Evaluation Terms, in confidence, (a) to accountants, banks and financing sources and their advisors for the purpose of securing financing; or (b) in connection with an actual or proposed merger or acquisition or similar transaction. Upon termination or expiration of these Evaluation Terms the receiving party will promptly return to the disclosing party or destroy, at the disclosing party’s option, all tangible items containing or consisting of the disclosing party’s Confidential Information.

7. GENERAL. The parties are independent contractors, and nothing in these Evaluation Terms is intended to or shall create any agency, partnership or joint venture relationship between them. These Evaluation Terms shall be governed by the laws of the State of California without reference to conflicts of laws principles. Evaluator may not assign these Evaluation Terms, or any of its rights or obligations hereunder, by operation of law or otherwise, without WhiteHat’s prior written consent. The failure of either party to exercise any right granted herein or to require any performance of any term of these Evaluation Terms or the waiver by either party of any breach of these Evaluation Terms shall not be deemed a waiver of any subsequent breach of, the same or any other term of these Evaluation Terms. These Evaluation Terms constitute the entire agreement between WhiteHat and Evaluator with respect to the subject matter hereof and supersede any and all other written or oral agreements existing between the parties hereto regarding the subject matter of these Evaluation Terms. These Evaluation Terms may not be modified without the prior written consent of both parties.