License. Subject to the terms and conditions of this Agreement, Company hereby grants Customer a limited, worldwide, non-exclusive, non-sublicensable, non-transferable and revocable right and license to remotely access (i.e. on a SaaS basis) and/or use the Company proprietary software application security testing (Bright) tool (the “Platform”) during the Term (as defined below), solely for Customer’s internal purposes. Unless otherwise indicated, the term “Platform” also includes any appliance and any manual or documentation (“Documentation”) provided or made available to Customer in connection with the operation of the Platform. Customer may only use the Platform in accordance with the Documentation, the Subscription Order (as defined below) and applicable laws and regulations. Customer shall be solely responsible for providing all equipment, systems, assets, access, and ancillary goods and services needed to access and use the Platform, and for ensuring their compatibility with the Platform. For purposes hereof, a “Subscription Order” shall mean an electronic form published by Company on its website at https://brightsec.com/ and agreed to by Customer by clicking and/or execution, as applicable, for the provision of the applicable license granted under this Agreement.
1.1 The Platform may be accessed solely by Customer’s employees who are explicitly authorized by Customer to access and use the Platform (each, a “User”). Customer shall immediately report any unauthorized access or use of the Platform to Company. In order to access the Platform, Customer and/or its Users may be required to set up an administrative account with Company (“Account”). Customer will ensure that the Users comply with this Agreement at all times; and shall be fully responsible and liable for any breach of this Agreement by a User. Customer shall be further responsible and liable for all activities of its Permitted Users and all activities that occur under or in its Account. Customer will require that all Users keep their user ID and password information strictly confidential. Unauthorized access or use of the Platform must be immediately reported to the Company.
1.2 During the Term, Company shall provide support and maintenance services in accordance with the standard service levels provided to its general customers.
1.3 The Platform, any services detailed in the Subscription Order, and the support and maintenance services shall be referred to as the “Services”.
2. Trial. Company may, at its sole discretion, offer a free trial subscription to the Platform, starting at the day the Platform is available for use and ending at the end period specified in the Subscription Order (“Trial Period”). If no Trial Period is offered in the Subscription Order, no free trial will apply. No fees are due from Customer for use of the Platform during the Trial Period. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, DURING THE TRIAL PERIOD THE PLATFORM IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTY WHATSOEVER AND COMPANY WILL HAVE NO WARRANTY, INDEMNITY, SUPPORT, OR OTHER OBLIGATIONS OR LIABILITIES WITH RESPECT TO THE TRIAL PERIOD. FOR GREATER CLARITY, COMPANY SHALL NOT BE LIABLE HEREUNDER FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES OR LOSSES WHATSOEVER; NOR FOR DAMAGES OR LOSSES FOR LOST PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF GOODWILL, OR DAMAGES ARISING OUT OF THE USE OF, OR INABILITY TO USE, THE PLATFORM. In the event of any inconsistencies between the terms of this Section 3 and other provisions of this Agreement, the terms specified in this Section 3 shall prevail with respect to the Trial Period.
3. Subscription Fees. The Services are conditioned on Customer’s payment in full of the applicable fees as set forth in the Subscription Order. Unless otherwise specified in the Subscription Order: (i) prior to the commencement of a renewal term specified in the Subscription Order (“Renewal Term”), Company reserves the right to change its subscription fees, and Customer shall be informed of such changes via an email and/or a notification on the Platform prior to such changes; (ii) all fees and other amounts paid hereunder are non-refundable; and (iii) all amounts payable under this Agreement are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies, duties and/or governmental charges, except for taxes based upon Company’s net income.
4. Prohibited Uses. Except as specifically permitted herein, without the prior written consent of Company, Customer must not, and shall not allow any User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of, make available or distribute, publicly perform, or display any part of the Platform (including by incorporation into its products), or use the Platform to develop any service or product that is the same as (or substantially similar to) it; (ii) sell, license, lease, assign, transfer, pledge, rent, sublicense, or share Customer’s rights under this Agreement with any third party (including but not limited to offering the Platform as part of a time-sharing, outsourcing or service bureau environment); (iii) use any “open source” or “copyleft software” in a manner that would require Company to disclose the source code of the Platform to any third party; (iv) disclose the results of any testing or benchmarking of the Platform to any third party; (v) disassemble, decompile, decrypt, reverse engineer, extract, or otherwise attempt to discover the Platform’s source code or non-literal aspects (such as the underlying structure, sequence, organization, file formats, non-public APIs, ideas, or algorithms); (vi) remove or alter any trademarks or other proprietary right notices displayed on or in the Platform; (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations; (viii) export, make available or use the Platform in any manner prohibited by applicable laws; and/or (ix) store or transmit any malicious code (i.e., software viruses, Trojan horses, worms, robots, malware, spyware or other computer instructions, devices, or techniques that erase data or programming, infect, disrupt, damage, disable, or shut down a computer system or any component of such computer system) or other unlawful material in connection with the Platform.
5. Personal Data.
To the extent that Customer needs a data processing agreement, Customer shall request Company to provide it with Company’s Data Processing Agreement (“DPA”) and shall return such DPA signed to Company as described therein.
6. Mutual Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law.
7. Intellectual Property Rights.
7.1 The Platform is not for sale and is Company’s sole property. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform (and any and all improvements, customizations, modifications and derivative works thereof) and any other products, deliverables or services provided by Company, are and shall remain owned solely by Company or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance herewith. Nothing herein constitutes a waiver of Company’s intellectual property rights under any law.
7.2 If Company receives any feedback (which may consist of questions, comments, suggestions or the like) regarding the Platform (collectively, “Feedback”), all rights, including intellectual property rights in such Feedback shall belong exclusively to Company. Customer hereby irrevocably and unconditionally transfers and assigns to Company all intellectual property rights it has in such Feedback and waives any and all moral rights that Customer may have in respect thereto. It is further understood that use of Feedback, if any, may be made by Company at its sole discretion, and that Company in no way shall be obliged to make use of the Feedback.
7.3 Any anonymous information, which is derived from the use of the Platform (i.e., metadata, aggregated and/or analytics information and/or intelligence relating to the operation, support, and/or Customer’s use, of the Platform) which is not personally identifiable information (“Analytics Information”) may be used by Company for providing the Platform and its related services, for development, improving the Platform and/or for statistical purposes. Such Analytics Information is Company’s exclusive property.
7.4 As between the Parties, Customer is, and shall be, the sole and exclusive owner of all data and information inputted or uploaded to the Service by or on behalf of Customer or otherwise integrated with the Platform via an API, or data belonging to Customer’s applications within the environment in which the Platform is made available (“Customer Data”). Customer represents and warrants that: (i) Customer owns or has obtained the consents and rights related to the Customer Data, and Customer has the right to provide Company the license granted herein to use such Customer Data in accordance with this Agreement; and (ii) the Customer Data does not infringe or violate any patents, copyrights, trademarks or other intellectual property, proprietary or privacy or publicity rights of any third party. Customer hereby grants Company and its affiliates a worldwide, non-exclusive, right and license, to access and use the Customer Data, in order to perform its obligations hereunder, including without limitation for Company’s provision of the Platform and/or related services hereunder.
8. Third Party Components. The Platform may use or include third party open source software, files, libraries or components that may be distributed to Customer and are subject to third party open source license terms, which can be provided upon request. If there is a conflict between any open source license and this Agreement, then the open source license terms shall prevail but solely in connection with the related third party open source software. Company makes no warranty or indemnity hereunder with respect to any third party open source software.
9. Confidentiality. Each Party may have access to certain non-public information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). Each Party shall take reasonable measures, at least as protective as those taken to protect its own confidential information, but in no event less than reasonable care, to protect the other Party’s Confidential Information from disclosure to a third party. The receiving party’s obligations under this Section 10, with respect to any Confidential Information of the disclosing party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving party at the time of disclosure by the disclosing party; (b) was disclosed to the receiving party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving party has become, generally available to the public; or (d) was independently developed by the receiving party without access to, use of, or reliance on, the disclosing party’s Confidential Information. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement (“Permitted Use”). 
The receiving party shall only permit access to the disclosing party’s Confidential Information to its respective employees, consultants, affiliates, agents and subcontractors having a need to know such information in connection with the Permitted Use, who either (i) have signed a non-disclosure agreement with the receiving party containing terms at least as restrictive as those contained herein; or (ii) are otherwise bound by a duty of confidentiality to the receiving party at least as restrictive as the terms set forth herein; in any event, the receiving party shall remain liable for any acts or omissions of such persons. The receiving party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order of a court or similar judicial or administrative body, provided that it promptly notifies the disclosing Party in writing of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure and cooperates reasonably with disclosing party in connection therewith. All right, title and interest in and to Confidential Information is and shall remain the sole and exclusive property of the disclosing Party.
10. LIMITED WARRANTIES.
10.1 Company represents and warrants that, under normal authorized use, the Platform shall substantially perform in conformance with its Documentation. As Customer’s sole and exclusive remedy and Company’s sole liability for breach of this warranty, Company shall use commercially reasonable efforts to repair the Platform. The warranty set forth herein shall not apply if the failure of the Platform results from or is otherwise attributable to: (i) repair, maintenance or modification of the Platform by persons other than Company or its authorized contractors; (ii) accident, negligence, abuse or misuse of the Platform; (iii) use of the Platform other than in accordance with the Documentation; or (iv) the combination of the Platform with equipment or software not authorized or provided by Company. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM, ITS RELATED SERVICES AND THE REPORTS (AS DEFINED BELOW) ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. COMPANY DOES NOT WARRANT THAT THE PLATFORM, ITS RELATED SERVICES AND THE REPORTS: (i) WILL MEET CUSTOMER’S REQUIREMENTS, (ii) WILL OPERATE ERROR-FREE, OR (iii) WILL BE ABLE TO FIND ALL WEAKNESSES, VULNERABILITIES OR OTHER SECURITY-RELATED ISSUES IN CUSTOMER’S APPLICATIONS. EXCEPT FOR THE WARRANTIES SET FORTH IN THIS AGREEMENT, THE COMPANY EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, SATISFACTORY QUALITY, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, AND FITNESS FOR A PARTICULAR PURPOSE. COMPANY WILL NOT BE LIABLE FOR DELAYS, INTERRUPTIONS, SERVICE FAILURES OR OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR FOR ISSUES RELATED TO PUBLIC NETWORKS OR CUSTOMER’S HOSTING SERVICES.
10.2 COMPANY DOES NOT OFFER A WARRANTY OR MAKE ANY REPRESENTATION REGARDING ANY CONTENT, REPORTS, INFORMATION, RESULTS OR SOLUTIONS THAT CUSTOMER OBTAINS THROUGH USE OF THE PLATFORM AND ITS RELATED SERVICES (COLLECTIVELY, THE “REPORTS”), OR THAT THE REPORTS ARE COMPLETE OR ERROR-FREE. THE REPORTS DO NOT CONSTITUTE PROFESSIONAL ADVICE (INCLUDING, BUT NOT LIMITED TO, LEGAL ADVICE), AND CUSTOMER UNDERSTANDS IT MUST DETERMINE FOR ITSELF THE NEED TO OBTAIN ITS OWN INDEPENDENT PROFESSIONAL ADVICE REGARDING THE SUBJECT MATTER OF ANY REPORT AND/OR ANY SOFTWARE THAT CUSTOMER USES OR IS CONSIDERING USING. CUSTOMER’S USE OF AND RELIANCE UPON THE REPORTS IS ENTIRELY AT CUSTOMER’S SOLE DISCRETION AND RISK, AND COMPANY SHALL HAVE NO RESPONSIBILITY OR LIABILITY WHATSOEVER TO CUSTOMER IN CONNECTION WITH ANY OF THE FOREGOING.
11. LIMITATION OF LIABILITY. WITHOUT DEROGATING FROM COMPANY’S INDEMNIFICATION OBLIGATION UNDER SECTION 13 AND EXCEPT FOR ANY DAMAGES RESULTING FROM: (i) ANY BREACH OF EITHER PARTY’S CONFIDENTIALITY OBLIGATIONS HEREIN, (ii) WILLFUL MISCONDUCT, AND/OR (iii) CUSTOMER’S MISAPPROPRIATION OR OTHERWISE VIOLATION OF COMPANY’S INTELLECTUAL PROPERTY RIGHTS (INCLUDING MISUSE OF THE LICENSE BY CUSTOMER), NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, PROFITS, DATA, OR DATA USE, OR THE COST OF PROCURING ANY SUBSTITUTE GOODS OR SERVICES. COMPANY’S MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL AMOUNTS ACTUALLY PAID OR PAYABLE TO COMPANY BY CUSTOMER IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER INCIDENT. FOR CLARITY, THE LIMITATIONS IN THIS SECTION DO NOT APPLY TO PAYMENTS DUE TO COMPANY UNDER THIS AGREEMENT.
12.1 Company agrees to defend, at its expense, any third party action or suit brought against Customer alleging that the Platform, when used as permitted under this Agreement, infringes intellectual property rights of a third party (“IP Infringement Claim”); and Company will pay any damages awarded by court against Customer that are attributable to any such IP Infringement Claim, provided that (i) Customer promptly notifies Company in writing of such claim; and (ii) Customer grants Company the sole authority to handle the defense or settlement of any such claim and provides Company with all reasonable information and assistance in connection therewith, at Company’s expense. Company will not be bound by any settlement that Customer enters into without Company’s prior written consent.
12.2 If the Platform becomes, or in Company’s opinion is likely to become, the subject of an IP Infringement Claim, then Company may, at its sole discretion: (a) procure for Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite Company’s reasonable efforts, then Company may terminate this Agreement and Company shall also provide a refund for any amount pre-paid by Customer for such returned Platform for the remaining unused period of the license.
12.3 Notwithstanding the foregoing, Company shall have no responsibility for IP Infringement Claims resulting from or based on: (i) modifications to the Platform made by a party other than Company or its designee; (ii) Customer’s failure to implement software updates provided by Company specifically to avoid infringement; or (iii) combination or use of the Platform with equipment, devices or software not supplied by Company.
12.4 This Section 13 states Company’s entire liability, and Customer’s exclusive remedy, for any IP Infringement Claim.
13. Suspension, Term and Termination.
13.1 If Company reasonably believes that Customer is using the Platform in a manner that may cause harm to Company or any third party then Company may, without derogating from Company’s right to terminate this Agreement for any breach hereof, suspend Customer’s access to and use of the Platform until such time as Company believes the threat of harm, or actual harm, has passed.
13.2 This Agreement shall enter into force and effect on the Effective Date and shall remain in full force and effect for the term specified in the Subscription Order, including the Renewal Term(s), (the “Term”).
13.3 Upon termination or expiration of this Agreement: (i) the Platform license granted to Customer under this Agreement shall expire, and Customer shall discontinue any further use and access thereof; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; and (iii) Company may delete all Customer Data uploaded to the Platform without affecting any of Company’s rights to the Analytics Information.
13.4 The provisions of this Agreement that, by their nature and content, must survive the termination of this Agreement in order to achieve the fundamental purposes of this Agreement (including limitation of liability) shall so survive.
14. Miscellaneous. This Agreement, including any Subscription Orders and exhibits attached or referred hereto, represents the entire agreement between the Parties concerning the subject matter hereof, replaces all prior and contemporaneous oral or written understandings and statements, and may be amended only by a written agreement executed by both Parties. In the event of any inconsistencies between this Agreement and the terms of any duly executed Subscription Order signed by the Company, the terms of the Subscription Order shall prevail. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach shall not be deemed a waiver by that Party as to subsequent enforcement or actions in the event of future breaches. Any waiver granted hereunder must be in writing. If any provision of this Agreement is held by a court of competent jurisdiction to be illegal, invalid or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect and such provision shall be reformed only to the extent necessary to make it enforceable. Any use of the Platform by an agency, department, or other entity of the United States government shall be governed solely by the terms of this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Notwithstanding the foregoing, this Agreement may be assigned by either Party in connection with a merger, consolidation, sale of all of the equity interests of such Party, or a sale of all or substantially all of the assets of the Party to which this Agreement relates. Without derogating from and subject to the abovementioned, this Agreement will bind and benefit each Party and its respective successors and assigns. 
This Agreement shall be governed by and construed under the laws of the State of Delaware, without reference to principles and laws relating to the conflict of laws. The competent courts of the State of Delaware shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. Notwithstanding the foregoing, each Party may seek equitable relief in any court of competent jurisdiction in order to protect its proprietary rights. Each Party irrevocably waives its right to trial of any issue by jury. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Neither Party has any authority to enter into agreements of any kind on behalf of the other Party. Company will not be liable for any delay or failure to provide the Services resulting from circumstances or causes beyond the reasonable control of Company including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, riot, acts of terrorism, earthquakes, explosions, power outages, pandemic or epidemic (or similar regional health crisis), or any other cause that is beyond the reasonable control of Company. This Agreement may be executed in electronic counterparts, each of which counterpart, when so executed and delivered, shall be deemed to be an original and all of which counterparts, taken together, shall constitute but one and the same agreement.
| Testing variance | Using Legacy DAST | Using Dev-Centric DAST |
|---|---|---|
| % of orgs knowingly pushing vulnerable apps & APIs to prod | 86% | 50% |
| Time to remediate >Med vulns in prod | 280 days | <150 days |
| % of >Med vulns detected in CI, or earlier | <5% | ~55% |
| Dev time spent remediating vulns | - | Up to 60x faster |
| Happiness level of Engineering & AppSec teams | - | Significantly improved |
| Average cost of Data Breach (US) | $7.86M | $7.86M |