Updated November 2016
These WhiteHat Security, Inc. (“WhiteHat”) Service Evaluation Terms (“Evaluation Terms”) apply to any Services you (“You” or “Evaluator”) will receive from WhiteHat directly or through its authorized reseller partner for evaluation purposes.
For the purpose of these Evaluation Terms, “Services” shall mean WhiteHat’s application and API security testing, vulnerability management and benchmarking, and related services (including associated software and access to WhiteHat’s hosted software application). If you are accepting these Evaluation Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to these Evaluation Terms, and, in such event, “you”, “your”, and “Evaluator” will refer to that company or other legal entity.
IF YOU DO NOT AGREE WITH ALL THE TERMS, CONDITIONS AND LIMITATIONS OF THESE EVALUATION TERMS, YOU ARE NOT AUTHORIZED TO RECEIVE THE SERVICES. WRITTEN APPROVAL IS NOT A PREREQUISITE TO THE VALIDITY OR ENFORCEABILITY OF THESE EVALUATION TERMS AND NO SOLICITATION OF ANY SUCH WRITTEN APPROVAL BY OR ON BEHALF OF WHITEHAT SHALL BE CONSTRUED AS AN INFERENCE TO THE CONTRARY. WHITEHAT’S ACCEPTANCE IS EXPRESSLY CONDITIONAL ON EVALUATOR’S ASSENT TO THESE EVALUATION TERMS TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER BY WHITEHAT, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
1. LICENSE FOR SERVICES / EVALUATOR RESPONSIBILITIES.
1.1 During the Term (as defined in Section 2 below) and subject to the terms and conditions of these Evaluation Terms, WhiteHat shall provide to Evaluator a limited, non-exclusive, non-transferable license to use and access the Services described in the Service Order (as defined in Section 1.3 below), for Evaluator’s Application(s) and/or API(s) (as defined in Section 1.2) only for Evaluator’s own legal purposes (for clarity, not for resale).
(a) “Application” or “Applications” means a (i) Web Application, (ii) Source Application, and/or (iii) Mobile Application (each as defined below).
(b) “Web Application” means a group of related host names and one set of user login credentials. Evaluator will provide to WhiteHat in writing the host names representing the Web Applications to be tested by the Services.
(c) “Source Application” means the smallest single unit of source code in a single environment (e.g. development, staging, production, etc.) in which such source code is housed when scanned by the Services (“Environment”) that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans. WhiteHat Services for Source Applications are available for the following (but if none of the following are identified in a Service Order then Source Application shall be defined as up to one hundred thousand (100,000) Lines of Code of the Evaluator’s source code):
(i) An Extra-Small Source Application less than either 4MB in the size of the uncompressed source code in megabytes as measured by WhiteHat based on the average of up to the last 20 scans (“Uncompressed Source File Size”) or 100,000 lines of source code containing any characters (excluding comments and white spaces) as measured by WhiteHat based on the average of up to the last 20 scans (“Lines of Code”).
(ii) A Small Source Application less than either 10MB in Uncompressed File Size or 250,000 Lines of Code.
(iii) A Medium Source Application less than either 20MB in Uncompressed File Size or 500,000 Lines of Code.
(iv) A Large Source Application less than either 60MB in Uncompressed File Size or 1,500,000 Lines of Code.
(v) An Extra-Large Source Application less than either 120MB in Uncompressed File Size or 3,000,000 Lines of Code.
(vi) A Double-Extra Large Source Application less than either 200MB in Uncompressed Source File Size or 5,000,000 Lines of Code.
(e) “API” means a web service that is accessed via a URL, and is described using the web services description language (WSDL) (limited to simple object access protocol (SOAP) or hypertext transfer protocol (HTTP)) or a representational state transfer (RESTful) API (limited to HTTP).
(f) “Operation” means a discrete function accessed via a combination of its API’s base URL, the Operation’s name, and a request payload.
1.3 The Services provided by WhiteHat to Evaluator for evaluation may be set forth in an applicable Service Order. For purposes of these Evaluation Terms, a Service Order may be an email confirmation from WhiteHat accepting Evaluator’s request or a quote or other order document provided by WhiteHat and signed by Evaluator, in all cases describing the Services to be provided and evaluated (a “Service Order”). A Service Order is an integral part of these Evaluation Terms and is fully incorporated herein.
1.4 Evaluator acknowledges and agrees that (i) it is Evaluator’s sole responsibility to update and maintain the Application(s) and/or API(s), including without limitation, fixing any security vulnerabilities revealed by the Services and Reports; (ii) the Reports, including any remedial measures or source code provided therein which may address vulnerabilities, are not guaranteed by WhiteHat to show all vulnerabilities in the Application(s) and/or API(s); (iii) it is Evaluator’s sole responsibility to test, vet and confirm that any proposed remedial measures referenced in the Reports or otherwise referenced by WhiteHat to Evaluator are appropriate for Evaluator’s purposes, and (iv) Evaluator’s use of the Services does not render or guarantee that the Application(s) and/or API(s) will be invulnerable or free from unauthorized access. Evaluator further acknowledges and agrees that Evaluator’s use of the Services starts on the Effective Date (defined below) and the Evaluator is responsible for providing all configuration data (host names, user accounts, etc.) needed to perform the Services. Failure to provide configuration data does not release Evaluator from any responsibility in these Evaluation Terms. Evaluator acknowledges and agrees that Evaluator’s and its users’ use of the Services is dependent upon access to telecommunications and Internet services. Evaluator shall be solely responsible for acquiring and maintaining all telecommunications and Internet services and other hardware and software required for its access and use of the Services, including, without limitation, any and all costs, fees, expenses, and taxes of any kind related to the foregoing. WhiteHat shall not be responsible for any loss or corruption of data, lost communications, or any other loss or damage of any kind arising from any such telecommunications and Internet services.
2. TERM AND TERMINATION. Unless otherwise agreed to between the parties, these Evaluation Terms shall commence on the date set forth on a quote or other order document provided by WhiteHat, or if not then on the later of (i) the date WhiteHat begins providing the Services and (ii) the date Evaluator accepts these terms online or signs the Service Order (the “Effective Date”), and shall continue for a period of thirty (30) days, or as extended in writing by WhiteHat (email notification of extension is acceptable) (the “Term”), unless earlier terminated as set forth herein. WhiteHat may, at its option, terminate these Evaluation Terms immediately if Evaluator (i) fails to comply with any terms and conditions of these Evaluation Terms or (ii) uses the Service(s) other than as authorized herein. Sections 3-7 shall survive termination or expiration of these Evaluation Terms.
3. PROPRIETARY RIGHTS
3.2 Restrictions. Evaluator shall not: (a) copy or otherwise reproduce, whether in whole or in part, the Services or software associated therewith; (b) modify or create any derivative work of the Services or software associated therewith; (c) sell, rent, loan, license, sublicense, distribute, assign or otherwise transfer the Services or software associated therewith; (d) cause or permit the disassembly, decompilation or reverse engineering of the Services or software associated therewith or otherwise attempt to gain access to the source code to the Services or software associated therewith; or (e) cause or permit any third party to do any of the foregoing.
3.3 Reservation of Rights. Each party reserves all rights not expressly granted in these Evaluation Terms and no licenses are granted by either party to the other party under these Evaluation Terms except as expressly stated in this paragraph, whether by implication, estoppel or otherwise. WhiteHat and its licensors own and retain all right, title and interest (including all intellectual property rights) in and to the Services and associated software and materials, including any modifications or improvements thereof and to all data generated by performing the Services. WhiteHat hereby grants Evaluator a non-exclusive, irrevocable, perpetual, royalty free right and license to use the WhiteHat intellectual property contained in any (i) data reports generated by the Services for the Application(s) and/or API(s) that contain the results of the tests performed by the Services, or (ii) remedial measures recommended by WhiteHat (collectively the “Reports”) for its own legal purposes (for clarity, not for resale).
4. Payment Terms. Promptly following the Effective Date of a Service Order: WhiteHat (or if applicable the Evaluator’s reseller partner) will invoice the Evaluator for the fees set forth in a Service Order; the Evaluator shall provide a purchase order or clearly communicate that no purchase order is required; and the Evaluator shall pay the fees set forth in an order in advance or otherwise as stated on the Service Order.
5. No Warranty. WHITEHAT PROVIDES THE SERVICES “AS IS” AND MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, WITH RESPECT TO THE SERVICES, REPORTS OR ANY OTHER RELATED DATA OBTAINED FROM THE SERVICES, AND SPECIFICALLY DISCLAIMS ANY WARRANTY OF AVAILABILITY, ACCURACY, RELIABILITY, USEFULNESS, ANY IMPLIED WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, TITLE OR FITNESS FOR A PARTICULAR PURPOSE AND ANY CONDITION OR WARRANTY ARISING FROM COURSE OF PERFORMANCE, DEALING OR USAGE OF TRADE.
6. LIMITATION OF LIABILITY. IN NO EVENT SHALL WHITEHAT HAVE ANY LIABILITY TO EVALUATOR OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR ANY LOST OPPORTUNITY, DATA OR PROFITS, OR THE COSTS OF PROCUREMENT OR SUBSTITUTE GOODS OR SERVICES, ARISING OUT OF THESE EVALUATION TERMS, OR ANY EXHIBIT, SCHEDULE OR ADDENDUM THERETO, UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY (INCLUDING NEGLIGENCE OR OTHER TORT), WHETHER OR NOT WHITEHAT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL WHITEHAT’S AGGREGATE LIABILITY HEREUNDER FOR ANY CAUSE OF ACTION OR THEORY OF LIABILITY EXCEED ONE THOUSAND DOLLARS ($1,000.00). WHITEHAT SHALL NOT BE RESPONSIBLE FOR ANY MATTER BEYOND ITS REASONABLE CONTROL.
7. CONFIDENTIALITY. By virtue of these Evaluation Terms, the parties may have access to each other’s Confidential Information. “Confidential Information,” as used in these Evaluation Terms, means any written, machine-reproducible and/or visual materials that are clearly labeled as proprietary, confidential, or with words of similar meaning, and all information that is orally or visually disclosed, if not so marked, if it is identified as proprietary or confidential at the time of its disclosure or in a writing provided within thirty (30) days after disclosure. Confidential Information does not include information that: (a) is now, or hereafter becomes, through no act or failure to act on the part of the receiving party, generally known or available to the public; (b) was acquired by the receiving party before receiving such information from the disclosing party and without restriction as to use or disclosure; (c) is hereafter rightfully furnished to the receiving party by a third party, without restriction as to use or disclosure; or (d) is information which the receiving party can document was independently developed by the receiving party without use of the disclosing party’s Confidential Information.
Neither party shall disclose any of the other party’s Confidential Information to any third party or use such Confidential Information for any purpose other than to (i) perform its obligations or exercise its rights under these Evaluation Terms; or (ii) as otherwise required by law. Each party shall use the same measures to protect the Confidential Information of the other party as it uses with respect to its own confidential information of like importance, but in no event shall it use less than reasonable care, including, instructing its employees, vendors, agents, consultants and independent contractors of the foregoing and requiring them to be bound by appropriate confidentiality agreements. If a party is required to disclose by law Confidential Information of the other party, such party shall use best efforts to give the other party reasonable advance notice of such required disclosure. WhiteHat reserves the right to disclose the terms and conditions of these Evaluation Terms, in confidence, (a) to accountants, banks and financing sources and their advisors for the purpose of securing financing; or (b) in connection with an actual or proposed merger or acquisition or similar transaction. Upon termination or expiration of these Evaluation Terms the receiving party will promptly return to the disclosing party or destroy, at the disclosing party’s option, all tangible items containing or consisting of the disclosing party’s Confidential Information.
8. GENERAL. These Evaluation Terms and each Service Order together constitute the entire agreement between WhiteHat and Evaluator with respect to the subject matter hereof and supersede any and all other prior and contemporaneous agreements, representations and understandings between the parties hereto regarding the subject matter hereof. Any terms contained in a purchase order or invoice issued by either party in connection with a transaction covered by these Evaluation Terms are null and void. Where there is a conflict between a Service Order and these Evaluation Terms, the terms contained in the Service Order will take precedence relating to the matter for which there was a conflict. Any term or provision of these Evaluation Terms or Service Order may be amended, and observance of any provision of these Evaluation Terms or Service Order may be waived, only by a writing signed by the party to be bound; provided that WhiteHat reserves the right to unilaterally amend these Evaluation Terms from time to time so long as the Evaluator’s use of the Services is not materially detrimentally impacted. If any provision of the Evaluation Terms or Service Order is found to be invalid or unenforceable, such provision shall be severed from the Evaluation Terms or Service Order and the remainder of the Evaluation Terms or Service Order shall be interpreted so as best to reasonably affect the intent of the parties hereto. All headings in the Evaluation Terms and Service Order are not to be considered in the construction or interpretation of any provision of the Evaluation Terms or Service Order. The parties are independent contractors, and nothing in these Evaluation Terms is intended to or shall create any agency, partnership or joint venture relationship between them. These Evaluation Terms shall be governed by the laws of the State of California without reference to conflicts of laws principles. The parties consent to exclusive jurisdiction and venue in state and federal courts sitting in and for Santa Clara County, California. Each party reserves the right to seek injunctive relief due to the other party’s actual or threatened breach of the Evaluation Terms or Service Order. Neither party shall be responsible for any non-performance or delay attributable to any cause beyond its reasonable control (force majeure). Evaluator may not assign these Evaluation Terms, or any of its rights or obligations hereunder, by operation of law or otherwise, without WhiteHat’s prior written consent.
The following provisions shall survive the termination or expiration of a Service Order: Sections 1.4, 3.2, 3.3, 4, 5, 6, 7 and 8. Any notice shall be in writing and shall be delivered by hand, confirmed email, or overnight express mail to the main contact and/or signatory set forth on a Service Order. Any executable Service Orders may be executed in one or more counterparts, each of which shall constitute one and the same instrument. For the purpose of executing Service Orders under these Evaluation Terms, the parties hereto agree that .pdf signatures sent via email shall serve as original signatures.