diff options
Diffstat (limited to 'licenses/Tenable-Master-Agreement')
-rw-r--r-- | licenses/Tenable-Master-Agreement | 641 |
1 files changed, 641 insertions, 0 deletions
diff --git a/licenses/Tenable-Master-Agreement b/licenses/Tenable-Master-Agreement new file mode 100644 index 000000000000..b185a63d2fbd --- /dev/null +++ b/licenses/Tenable-Master-Agreement @@ -0,0 +1,641 @@ +TENABLE MASTER AGREEMENT +This Master Agreement (this “Agreement”) is made by and between Tenable (as defined below) and the customer licensing Products +and/or receiving services (“Customer”) with an effective date as of the date Customer clicks to accept this Agreement (the “Effective +Date”). Hereinafter, each of Tenable and Customer may be referred to collectively as the “Parties” or individually as a “Party”. + +1. Definitions. + +(a) “Affiliate” means any entity that controls, is controlled by, or is under common control with a Party. “Control” shall mean: +(1) ownership (either directly or indirectly) of greater than fifty percent (50%) of the voting equity or other controlling equity of another +entity; or (2) power of one entity to direct the management or policies of another entity, by contract or otherwise. + +(b) “Documentation” means the then-current official user manuals and/or documentation for the Products available at +docs.tenable.com (or a successor location). + +(c) “Hosted Services” are a type of service offered through Tenable’s cloud-based software as a service (SaaS) platform and +include Scans and access to and use of the hosted environment (the “Hosted Environment”). + +(d) “Product(s)” means any of the products that Tenable offers, including Software, Hosted Services, Hardware (if any), +Support Services and Professional Services. + +(e) “Professional Services” means services purchased, including consulting services which are relevant to the implementation +and configurations of Tenable Products as well as on-site or virtual training courses. Generally, Professional Services are defined either +in a separate SOW or a Services Brief. Professional Services do not include the Hosted Services or Support Services. + +(f) “Scan(s)” are a function performed by the Software and/or the Hosted Services on Scan Targets, which are conducted in +order to provide data to Customer regarding its network security. “PCI Scans” are a specific type of Scan designed to assess compliance +with the Payment Card Industry Data Security Standard. “Scan Data” is the resulting information created by the Scan. “Scan Target(s)” +are the targets or subjects of a Scan. + +(g) “Services Brief” means the document which outlines Tenable’s basic, pre-packaged installation or training Professional +Services offered under a Tenable SKU and which do not require a separate SOW. Current versions of Services Briefs may be found at +http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location). For the avoidance of doubt, Customer may purchase +commercial off the shelf SKU-based Professional Services without executing a separate Statement of Work. A “SOW” or “Statement +of Work” shall further describe Professional Services, the terms of which may be customized and which shall require execution by the +Customer. + +(h) “Software” means each software product made available by Tenable under this Agreement for download. Software +includes patches, updates, improvements, additions, enhancements and other modifications or revised versions of the same that may be +provided to Customer by Tenable from time to time. + +(i) “Technical Data” means data Customer uploads or runs through or on the Products, or is otherwise generated thereby, +including information regarding licensing metrics and product behavioral data. + +(j) “Tenable” means: (i) Tenable, Inc., if Customer is a commercial entity or individual located in North or South America +(Tenable, Inc. is a Delaware corporation having offices at 6100 Merriweather Drive, 12th Floor, Columbia, MD 21044); (ii) Tenable +Public Sector LLC, if Customer is an agency or instrumentality of the United States Government, a commercial entity operating +predominantly as a federal systems integrator for eventual sale or resale or for the benefit of the United States Government, or an agency +or instrumentality of a State or local government within the United States (Tenable Public Sector LLC is a Delaware limited liability +company having offices at 6100 Merriweather Drive, 12 th Floor, Columbia, MD 21044); or (iii) Tenable Network Security Ireland +Limited, if Customer is located outside of North or South America (Tenable Network Security Ireland Limited is a private limited +company having offices at 81b Campshires, Sir John Rogerson’s Quay, Dublin 2, Ireland). + +2. Orders and Transactions. + +(a) Reseller Transactions. If Customer purchases Tenable Products through an authorized Tenable reseller (a “Reseller”), all +terms related to pricing, billing, invoicing and payment (“Payment Terms”) set forth in this Agreement (if any) shall not apply. For the +avoidance of doubt, all such Payment Terms shall be as agreed to between Customer and Reseller. To place an order, Customer shall +provide the Reseller with a purchase order (or other similar document acceptable to Reseller) in response to a valid quote from such +Reseller. Following Reseller’s receipt of such purchase order, Tenable shall issue a sales order confirmation or other similar order +acceptance document (the “Ordering Document”). No order shall be deemed accepted by Tenable until Tenable issues the Ordering +Document. The Ordering Document shall set forth all Products (and corresponding licensing metrics) purchased by Customer. + +(b) Direct Transactions. If the Parties have agreed to transact directly, the following Payment Terms shall apply. Customer +agrees to pay all amounts due as specified in a Tenable invoice. Fees for Hosted Services are charged for access to the Host Environment +(as defined herein), not actual usage. Payment is due within thirty (30) days from the date of Tenable’s invoice to Customer. Customer +will pay directly or reimburse Tenable for any taxes (including, sales or excise taxes, value added taxes, gross receipt taxes, landing +fees, import duties and the like), however designated and whether foreign or domestic, imposed on or arising out of this Agreement. +Notwithstanding the foregoing, Tenable will be solely responsible for its income tax obligations and all employer reporting and payment +obligations with respect to its personnel. Customer agrees to pay Tenable without deducting any present or future taxes, withholdings +or other charges except those deductions it is legally required to make. If Customer is legally required to make any deductions or +withholding, Customer agrees to provide evidence of such withholding upon request. If a certificate of exemption or similar document +or proceeding is necessary in order to exempt any transaction from a tax, Customer shall provide such certificate or document to Tenable. + +(c) Delivery and Installation. Delivery of Tenable Products (“Delivery”) shall be deemed to occur on the date of availability +for electronic download or electronic access. Tenable has no duty to provide installation services for Tenable Products unless installation +services are purchased separately. + +3. Term and Termination. + +(a) Agreement Term. This Agreement shall commence upon the Effective Date and continue until terminated in accordance +with the terms set forth herein. + +(b) License Term and Renewals. The “License Term” is the term of the license or subscription for Products as set forth in the +Ordering Document. If this Agreement has been signed by both Parties, then unless otherwise agreed to in writing, any License Term, +including renewals, shall be governed by the terms set forth herein. If this Agreement has been accepted via shrinkwrap or clickthrough, +upon any renewal of the License Term, the terms then available at http://static.tenable.com/prod_docs/tenable_slas.html (or a +successor location) will govern such renewal. Customer agrees that use of the Products at the time of such renewal will be deemed full +and adequate acceptance of the updated terms. + +(c) Termination for Cause. Either Party may terminate this Agreement for cause if the other Party materially breaches this +Agreement provided that such breaching Party has received written notice of such breach and failed to cure such breach within thirty +(30) days. If this Agreement is terminated for cause by either Party, Customer shall remove all copies of the Products from any Customer +systems and cease to use any Software or Hosted Services purchased hereunder. Further, Customer shall certify to Tenable that it has +returned or destroyed all copies of the Software. If this Agreement is terminated for cause by Tenable, Customer shall remain responsible +for any outstanding payment obligations throughout the rest of the License Term. + +(d) Termination for Convenience. Customer may terminate this Agreement for any lawful reason upon ninety (90) days’ prior +written notice to Tenable. If Customer terminates for convenience, Customer shall not receive a refund and shall remain obligated to +pay for Products for which it has previously entered into a transaction as well as any additional payment obligations agreed upon prior +to the termination date. + +4. Products. + +(a) Product-Specific Terms. Pursuant to this Agreement, Customer may receive the right to use various Products as further +described in the attached schedules (each, a “Schedule”). Terms related to Customer’s use of Software are described in Schedule A +(Software). Terms related to Customer’s use of Hosted Services are described in Schedule B (Hosted Services). Terms related to the +provision of Professional Services are described in Schedule C (Professional Services). For each Product, Customer will have the right +to use the corresponding Documentation. + +(b) Licensing Model. Product licenses shall be in accordance with the terms of the applicable licensing model as set forth in +the Documentation and/or the Ordering Document, which may include limitations on Scan Targets, compute, storage, resource +utilization, License Term, the number of users, seats, licenses and/or types of modules licensed. Product licenses shall commence upon +Delivery and shall be either perpetual or subscription in nature. Tenable shall use commercially reasonable efforts to meter resource +utilization and assess likeness or uniqueness of Scan Targets within each Product/module licensed. If Customer exceeds the license +restrictions, Customer must purchase an upgraded license to allow for all actual or additional usage, and Tenable or its Reseller may +promptly invoice Customer for any such overages at a price not to exceed Tenable’s then-current rates. Discrepancies in Scan Target +or utilization count is the sole responsibility of the Customer to resolve. + +(c) Restrictions on Use. Customer shall not directly or indirectly: (i) decompile, disassemble, reverse engineer, or otherwise +attempt to derive, obtain or modify the source code of the Products; (ii) reproduce, modify, translate or create derivative works of all or +any part of the Products; (iii) remove, alter or obscure any proprietary notice, labels, or marks on the Products; (iv) without Tenable’s +prior written consent, use the Products in a service bureau, application service provider or similar capacity; (v) without signing Tenable’s +Managed Security Services Provider Addendum, use the Products to provide any managed service to a third party; (vi) use the Products +in order to create competitive analysis or a competitive product or service; (vii) copy any ideas, features, functions or graphics in the +Product; or (viii) without Tenable’s prior written consent, interfere with or disrupt performance of Hosted Services (e.g., perform +penetration testing on Tenable systems). Customer may only use the Products to manage or gather information from Scan Targets +owned or hosted by Customer or its Affiliates, or third parties for which Customer has received express authorization to Scan. + +(d) Intellectual Property in Products. This Agreement does not transfer to Customer any title to or any ownership right or +interest in the Products. Any rights in the Products not expressly granted in this Agreement are reserved by Tenable. If Customer +provides Tenable with any comments, suggestions, or other feedback regarding the Product, Customer hereby assigns to Tenable all +right, title and interest in and to such feedback. For clarity, such feedback shall not contain Customer Confidential Information and shall +not reference or identify Customer or its users. + +(e) Customer Requirements. In order to use the Products, Customer must meet or exceed the specifications found in the +Documentation. + +(f) Product Features. Customer agrees that purchase of any Product is not contingent on the delivery of any future +functionality or features, or dependent on any oral or written public comments made by Tenable regarding future functionality or +features. Tenable reserves the right to withdraw features from future versions of the Products provided that: (i) the core functionality of +the affected Product remains the same; or (ii) Customer is offered access to a product or service providing materially similar functionality +as the functionality removed from the affected Product. The preceding remedies under this Section 4(f) are the sole remedies available +if Tenable withdraws features from the Products. + +(g) Rights Granted to Tenable. Provided that Tenable shall not publicly disclose any Customer Confidential Information, +Tenable may: (i) use Technical Data for reasonable business purposes, including Support Services, license validation, research and +development, feature creation, and Product testing; (ii) include aggregated and anonymized Technical Data in public materials; and (iii) +retain Technical Data which is anonymized after the termination of this Agreement. + +(h) Hardware. Any Hardware purchased under this Agreement (if any) will be subject to the terms and conditions of Schedule +D located at http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location). + +(i) Temporary Limitation. If Tenable reasonably believes: (i) Customer’s use of the Products places an unreasonable or +disproportionate burden on the Products; (ii) Customer’s use of the Products poses a risk or threat to the Products (including any systems +supporting the Products), Tenable, or a third party; or (iii) Customer’s usage exceeds the limitations of the license, then Tenable may +temporarily limit Customer’s access to or use of the Products or any specific feature therein. Tenable may also suspend or limit access +to the Products if Customer fails to make any payments related to this Agreement. Tenable will, to the extent practical under the +circumstances, use commercially reasonable efforts to provide Customer with prior written notice of any such limitation (email or in +product messaging shall be sufficient). When commercially reasonable, Tenable shall promptly restore access once the Customer has +remediated the issue. For the avoidance of doubt, Customer is responsible for all normal fees during any period for which usage or +access is limited pursuant to this section. + +(j) Additional Details on Use Restrictions for Tenable Security Network Ireland Limited. The following shall only apply for +transactions with Tenable Security Network Ireland Limited. Notwithstanding anything in Section 4(c), decompiling the Product is +permitted to the extent the laws of Customer’s jurisdiction give Customer the right to do so to obtain information necessary to render +the Products interoperable with other software; provided, however, that Customer must first request such information from Tenable and +Tenable may, in its discretion, either provide such information to Customer or impose reasonable conditions, including a reasonable fee, +on such use of the Products to ensure that its proprietary rights in the Product are protected. + +5. Support. + +(a) Support Services. Tenable shall provide Customer with support services (the “Support Services”) in accordance with +Tenable’s then-current Technical Support Plans (available at http://static.tenable.com/prod_docs/tenable_slas.html or a successor +location) and consistent with Tenable’s End of Life and End of Sale definitions contained therein. The Support Services include bug +fixes, updates (including new vulnerability plug-ins), or enhancements that Tenable makes generally available to users of the Products. +The Support Services also include the provision of new minor (Example: 1.1.x to 1.2.x, etc.) and major version releases of the Products +(Example: 1.x to 2.x, etc.). + +(b) Support Fees. Standard Support Services for Products licensed for a finite License Term will be provided at no additional +charge beyond the license fee for the duration of the License Term. Support Services for Products licensed on a perpetual basis must +be purchased separately in advance. In all cases, premium support may be purchased at an additional charge. If during the course of a +perpetual license Customer terminates or fails to renew the Support Services, Customer may, at any time during the term of this +Agreement, request that Tenable reinstate the Support Services provided that Customer pays for the lapsed Support Services in an +amount equal to the total fees Customer would have paid for the Support Services between the time Customer’s Support Services lapsed +and the then-current date. + +6. Confidentiality. + +(a) Definition. “Confidential Information” means information learned or disclosed by a Party under this Agreement that +should reasonably be assumed to be confidential or proprietary, including the Products and the terms of this Agreement. Confidential +Information will remain the property of the disclosing Party, and the receiving Party will not be deemed by virtue of this Agreement or +any access to the Confidential Information to have acquired any right, title or interest in or to the Confidential Information. + +(b) Obligations. Each Party agrees to only use the Confidential Information in connection with this Agreement or a purchase +hereunder. The receiving Party agrees to hold the disclosing Party’s Confidential Information confidential using at least the same level +of protection against unauthorized disclosure or use as the receiving Party normally uses to protect its own information of a similar +character, but in no event less than a reasonable degree of care. Each Party may share Confidential Information with its Affiliates or +authorized contractors in the performance of its duties under this Agreement; provided, however, that each Party shall be responsible to +ensure that such Affiliate or authorized contractors are bound by obligations of confidentiality at least as stringent as those set forth in +this Agreement. + +(c) Exclusions. Confidential Information shall not include information that: (i) is already known to the receiving Party free of +any confidentiality obligation; (ii) is or becomes publicly known through no wrongful act of the receiving Party; (iii) is rightfully +received by the receiving Party from a third party without any restriction or confidentiality; or (iv) is independently developed by the +receiving Party without reference to the Confidential Information. Confidential Information does not include Scan Data that has been +aggregated or anonymized so that it is not attributable to the disclosing Party. If Customer requests or performs scans on third party +Scan Targets, and such third party inquires with Tenable about the scan, Tenable shall inform Customer and allow Customer to resolve +any disputes with the third party. If Customer fails to contact the third party, Customer agrees that Tenable may provide Customer’s +business contact information to the owner of the Scan Targets as well as to relevant authorities, and such disclosure shall not be +considered a breach of confidentiality. + +(d) Sensitive Information. The Parties agree that Customer’s disclosure of sensitive, personal information (e.g., social security +numbers, national identity card numbers, personal credit card information, racial or ethnic origin, political opinions, religious or +philosophical beliefs, trade union membership, genetic data, biometric data, and health care data) (“Sensitive Information”) is not +required for Tenable to perform its duties under this Agreement or sell any Products hereunder. If Customer inadvertently or +unintentionally discloses any Sensitive Information to Tenable, Customer shall identify to Tenable that it has disclosed Sensitive +Information and Tenable shall promptly return and/or destroy such Sensitive Information. + +(e) Legal Disclosures; Remedies. The receiving Party may disclose Confidential Information if required to do so by law +provided the receiving Party shall promptly notify the disclosing Party so that the disclosing Party may seek any appropriate protective +order and/or take any other action to prevent or limit such disclosure. If required hereunder, the receiving Party shall furnish only that +portion of the Confidential Information disclosure of which is legally required. The receiving Party acknowledges and agrees that the +breach of any term, covenant or provision of this Agreement may cause irreparable harm to the disclosing Party and, accordingly, upon +the threatened or actual breach by the receiving Party of any term, covenant or provision of this Agreement, the disclosing Party shall +be entitled to seek injunctive relief, together with any other remedy available at law or in equity. The receiving Party will notify the +disclosing Party promptly of any unauthorized use or disclosure of the disclosing Party’s Confidential Information. + +7. Representations and Warranties; Disclaimer. + +(a) Warranty of Authority. The Parties hereby represent and warrant that they have the full power and authority to enter into +this Agreement. + +(b) Products. Product warranties and associated warranty periods are set forth in the relevant Schedules. + +(c) Antivirus Warranty. Tenable represents it has taken commercially reasonable efforts to ensure that the Products, at the +time of Delivery, are free from any known and undisclosed virus, worm, trap door, back door, timer, clock, counter or other limiting +routine, instruction or design that would erase data or programming or otherwise cause the Products to become inoperable or incapable +of being used in the manner for which it was designed or in accordance with the Documentation. + +(d) Warranty Disclaimer. EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT AND TO THE GREATEST +EXTENT PERMITTED BY LAW, TENABLE OFFERS ITS PRODUCTS “AS-IS” AND MAKES NO OTHER WARRANTY OF +ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ANY WARRANTIES OF TITLE, +NONINFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SECURITY, INTEGRATION, +PERFORMANCE AND ACCURACY, AND ANY IMPLIED WARRANTIES ARISING FROM STATUTE, COURSE OF +DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. THE WARRANTIES SET FORTH IN THIS AGREEMENT +ARE MADE TO CUSTOMER FOR CUSTOMER’S BENEFIT ONLY. CUSTOMER’S USE OF THE PRODUCTS IS AT +CUSTOMER’S OWN RISK. CUSTOMER UNDERSTANDS THAT ASSESSING NETWORK SECURITY IS A COMPLEX +PROCEDURE, AND TENABLE DOES NOT GUARANTEE THAT THE RESULTS OF THE PRODUCTS WILL BE ERROR-FREE +OR PROVIDE A COMPLETE AND ACCURATE PICTURE OF CUSTOMER’S SECURITY FLAWS, AND CUSTOMER AGREES +NOT TO RELY SOLELY ON SUCH PRODUCTS IN DEVELOPING ITS SECURITY STRATEGY. CUSTOMER +ACKNOWLEDGES THAT THE PRODUCTS MAY RESULT IN LOSS OF SERVICE OR HAVE OTHER IMPACTS TO +NETWORKS, ASSETS OR COMPUTERS (INCLUDING MODIFICATION OF SCAN TARGETS), AND CUSTOMER IS SOLELY +RESPONSIBLE FOR ANY DAMAGES RELATING TO SUCH LOSS OR IMPACT. + +8. Limitation of Liability. + +(a) Direct Damages. The cumulative liability of one Party to the other for all claims arising from or relating to the Products +or this Agreement (including without limitation, any cause of action sounding in contract, tort or strict liability) shall be limited to proven +direct damages in an amount not to exceed, in the aggregate, the fees paid by Customer for the Products over the twelve (12) months +immediately prior to the event giving rise to the claim. + +(b) Indirect Damages. Neither Party shall be liable to the other for any indirect, incidental, special, punitive, consequential or +exemplary damages regardless of the nature of the claim. This prohibition on indirect damages shall include, but not be limited to, claims +based on lost profits, cost of delay, any failure of Delivery, business interruption, cost of lost or damaged data, or liabilities to any third +parties even if such Party is advised of the possibility thereof. + +(c) Carve Outs. The liability caps set forth in Sections 8(a) and 8(b) shall not apply to damages resulting from: + (i) personal injury or death; + (ii) fraud or willful misconduct; + (iii) indemnification obligations set forth in Section 9 (Indemnification); or + (iv) Customer’s breach of Section 4(c) (Restrictions on Use). + +(d) Limitations; Time Period. Each of the limitations set forth in this Section 8 shall be enforced to the fullest extent of the +law. Any laws preventing such limitations shall only apply to the extent required by law and the remaining unaffected terms shall apply +in full. Unless expressly prohibited by law, each Party shall have a period of no greater than twelve (12) months from the date the cause +of action accrues to bring a claim against the other Party for such cause of action. + +9. Indemnification. + +(a) Indemnification Obligations. + (i) By Tenable. Tenable shall (at its sole cost and expense): (i) defend and/or settle on behalf of Customer (including +Customer’s officers, directors, employees, representatives and agents); and (ii) indemnify Customer for, any third party claims brought +against Customer based upon a claim that Customer’s use of the Products in accordance with this Agreement infringes or misappropriates +such third party’s intellectual property rights in a jurisdiction which is signatory to the Berne Convention. + (ii) By Customer. Customer shall (at its sole cost and expense): (i) defend and/or settle on behalf of Tenable (including +Tenable’s officers, directors, employees, representatives and agents) and (ii) indemnify Tenable for, any third party claims brought +against Tenable arising out of or relating to Customer’s use of the Products to perform Scans on third party Scan Targets, except to the +extent that any such claim or action is caused by a failure of the Products to materially comply with the Documentation. + +(b) In Case of Infringement. If Customer’s use of the Products is, or in Tenable’s opinion is likely to be, the subject of an +infringement claim, Tenable may, in its sole discretion and expense: (i) modify or replace the infringing Products as necessary to avoid +infringement, provided that the replacement Products are substantially similar in functionality; (ii) procure the right for Customer to +continue using the infringing Products; or (iii) terminate this Agreement and, upon Customer’s return or certified destruction of the +infringing Product, provide Customer a pro-rata refund calculated as follows: (x) for infringing Products licensed on a subscription +basis, the refund shall consist of any prepaid but unused fees for the remainder of the applicable License Term; or (y) for infringing +Software licensed on a perpetual basis or infringing Hardware, the refund shall consist of a straight line depreciation of the license fee +based on a three (3) year useful life as well as any prepaid but unused fees for separately charged Support Services. This Section 9 sets +forth Tenable’s sole and exclusive liability and Customer’s sole and exclusive remedy with respect to any claim of intellectual property +infringement. + +(c) Exclusions. Tenable shall have no liability with respect to a third party intellectual property infringement claim arising out +of: (i) modifications of the Product made by Customer or a party under its control to conform with Customer’s specifications; (ii) +modifications of the Product made by anyone other than Tenable or a Tenable authorized third party; (iii) Customer’s use of the Product +in combination with other products or services not provided by Tenable; (iv) Customer’s failure to use any updated versions of the +Product made available by Tenable; or (v) Customer’s use of the Product in a manner not permitted by this Agreement or otherwise not +in accordance with the Documentation. + +(d) Requirements. The indemnitor shall only be responsible for the indemnification obligations set forth in this Section 9 if +the indemnitee: (i) provides the indemnitor prompt written notice of such action or claim; (ii) gives the indemnitor the right to control +and direct the investigation, defense, and/or settlement of such action or claim; (iii) reasonably cooperates with the indemnitor in the +defense of such a claim (at the indemnitor’s expense); and (iv) is not in breach of this Agreement. Nothing herein shall prevent the +indemnitee from engaging in defense of any such claim with its own legal representation, provided that this does not materially prejudice +the indemnitor’s defense. The indemnitor may not settle any claim on behalf of the indemnitee without obtaining the indemnitee’s prior +written consent; provided, however, the indemnitor shall not be required to obtain consent to settle a claim which settlement consists +solely of: (x) discontinued use of infringing Products and/or (y) the payment of money for which the indemnitor has a duty to indemnify. + +10. Legal Compliance. + +(a) Generally. The Products are intended solely for lawful purposes and use. Both Parties, and their agents and Affiliates, +agree to perform their respective obligations in an ethical manner that complies with all applicable national, federal, state and local laws, +statutes, ordinances, regulations and codes (“Applicable Laws”) including, without limitation, the Computer Fraud and Abuse Act +(CFAA), 18 USC Sec. 1030, the U.S. Foreign Corrupt Practices Act of 1977, as amended, and the UK Bribery Act of 2010. If Customer +violates this Section 10, Tenable may terminate this Agreement immediately. + +(b) Trade Controls. Applicable Laws include U.S. export laws (including the International Traffic in Arms Regulation (ITAR), +22 CFR 120-130, and the Export Administration Regulation (EAR), 15 CFR Parts 730 et seq.) and the anti-boycott rules implemented +by the Departments of Commerce and Treasury. Information regarding export classifications of Tenable’s Products may be found on +its website (www.tenable.com/export-controls or a successor location). Customer agrees that it will be the exporter of record any time +it causes the Products to be accessed outside the United States or by a national of any country other than the United States. The Parties +further agree to comply with trade and economic sanctions, rules, and regulations of the United States, European Union, EU member +states, United Kingdom and other applicable government authorities and shall not engage in prohibited trade to persons or entities who +are the subject of an active sanction, embargo, or executive order. Customer hereby acknowledges and confirms that Customer +(including Customer’s officers, directors, employees, representatives and agents): (i) is not included on, owned or controlled by an +individual or entity included on, or acting on behalf of an individual or entity included on any of the restricted party lists maintained by +the U.S. Government (e.g., Specially Designated Nationals List, Foreign Sanctions Evader List, Sectoral Sanctions Identification List, +Denied Persons List, Unverified List, Entity List or List of Statutorily Debarred Parties) (collectively, “Restricted Parties”); (ii) will not +export, re-export, transfer, re-transfer or otherwise ship, directly or indirectly, the Products or related technology to or for use by or for +Restricted Parties; (iii) will not export, re-export, transfer, re-transfer or otherwise ship, directly or indirectly, the Products or related +technology to or for use in, by or for countries or territories subject to U.S. economic sanctions (e.g., Crimea, Cuba, Iran, North Korea, +or Syria); or (iv) will not use or sell the Products for nuclear end-uses, rocket systems, unmanned air vehicles, chemical or biological +weapons, maritime nuclear propulsion, weapons of mass destruction or other restricted end-uses except to the extent consistent with +Trade Control Laws. + +(c) Data Processing Addendum. To the extent applicable, if Tenable is processing personal information on behalf of Customer +under any applicable data protection law (e.g., the European Union’s General Data Protection Regulation 2016/679), then such +processing shall be in accordance with Tenable’s Data Processing Addendum located at +http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location). + +11. Governing Law; Venue. + +(a) For transactions with Tenable, Inc. and Tenable Public Sector LLC, this Agreement shall be governed in all respects by +the laws of the State of Delaware, USA, without regard to choice-of-law rules or principles. The Parties agree that: (i) no aspect or +provision of the Uniform Computer Information Transactions Act shall apply to this Agreement; and (ii) this Agreement shall not be +governed by the U.N. Convention on Contracts for the International Sale of Goods. The Parties hereby submit to the exclusive +jurisdiction of the courts of Howard County, Maryland, and the United States District Court for Maryland, Baltimore Division, for any +question or dispute arising out of or relating to this Agreement. Due to the high costs and time involved in commercial litigation before +a jury, the Parties waive all right to a jury trial with respect to any issues in any action or proceeding arising out of or related to this +Agreement. + +(b) For transactions with Tenable Network Security Ireland Limited, this Agreement and any issues, disputes or claims arising +out of or in connection with it (whether contractual or non-contractual in nature such as claims in tort, from breach of statute or regulation +or otherwise) (“Disputes”) shall be governed by, and construed in accordance with, the laws of Ireland. Customer expressly agrees with +Tenable that this Agreement shall not be governed by the U.N. Convention on Contracts for the International Sale of Goods, the +application of which is expressly excluded. All Disputes arising out of or relating to this Agreement shall be subject to arbitration within +the meaning of the Arbitration Act 2010 or any legislation amending or repealing that act and shall be an arbitration conducted in Dublin, +Ireland in the English language and shall be governed by the Arbitration Act 2010. Notwithstanding the foregoing, nothing in this +Agreement shall limit the right of either Party to seek any injunctive, equitable or other interlocutory relief as it may be entitled to in the +Courts of Ireland. + +12. Other Legal Clauses. + +(a) Third Parties. Customer may permit a third party (“Customer’s Agent”) to use the Products to perform security services +for and on behalf of Customer but solely for Customer’s benefit and solely for Customer’s internal business purposes. Customer shall +be fully responsible for Customer’s Agent’s use of the Products, including liability for any breach of this Agreement or use beyond the +licensed quantities set forth in the Ordering Document. If Customer elects to utilize a Customer’s Agent to perform Scans on its behalf, +then only Customer’s Agent (and not Customer) will be permitted to contact Tenable Support Services. Tenable shall have the right to +withdraw its consent to the use of any Customer’s Agent in its reasonable discretion. + +(b) Notices. Any legal notices or other communication pursuant to this Agreement must be in writing, in English, and will be +deemed to have been duly given when delivered if delivered personally or sent by recognized overnight express courier. All notices to +Tenable must be sent to the address described in this Agreement to the attention of the Legal Department (unless otherwise specified by +Tenable). All notices Tenable sends to Customer shall be at the physical address referenced in this Agreement (or otherwise provided +to Tenable). Tenable may provide notices with regard to Products via the email address Customer provided during Product registration +and Customer hereby consents to receive such communications from Tenable in an electronic form. + +(c) Assignment. Neither Party may assign or otherwise transfer this Agreement without the other Party’s prior written consent, +which will not be unreasonably withheld; provided, however, either Party may transfer this Agreement to an Affiliate or in connection +with a merger or sale of all (or substantially all) of the stock or other ownership units of such Party. Customer must complete Tenable’s +License Assignment Request Form (to be provided upon request) in order to complete assignment of this Agreement. + +(d) Force Majeure. With the exception of payment, neither Party shall be liable for any loss or delay (including failure to meet +the service level commitment) resulting from any force majeure event, including, but not limited to, acts of God, fire, natural disaster, +terrorism, labor stoppage, Internet service provider failures or delays, civil unrest, war or military hostilities, or criminal acts of third +parties, and any Delivery date shall be extended to the extent of any resulting delay. + +(e) Language. The language of this Agreement is English and all invoices and other documents given under this Agreement +must be in English to be effective. No translation, if any, of this Agreement or any notice will be of any effect in the interpretation of +this Agreement or in determining the intent of the parties. The Parties have expressly agreed that all invoices and related documents be +drafted in English. The following shall apply solely for Agreements which are under French Canadian jurisdiction: C’est la volonté +expresse des parties que la presente convention ainsi que les documents qui s’y rattacent soient rediges en anglais. + +13. Evaluations and NFR Licenses. + +(a) Evaluations. If Customer wants to conduct an evaluation, proof of value or other similar trial of Tenable Products +(“Evaluation Products”), Tenable may (in its sole discretion) provide evaluation licenses for such Evaluation Products in accordance +with the following: (i) Customer shall have no obligation to make payment for such Evaluation Product for such evaluation usage; (ii) +the license term will expire at the end of the agreed-upon evaluation period, at which time Customer must either return or destroy the +Software and cease access to the Hosted Services; and (iii) Tenable shall have no obligation to provide Support Services. +Notwithstanding the foregoing, to facilitate a transition from an evaluation to a paid subscription, in certain cases Tenable may allow +Customer to continue to use containers (or otherwise migrate data) generated during an evaluation period. Customers may not use the +Evaluation Products to scan third party Scan Targets or provide a service to Customer’s clients. + +(b) Container Access. Customer acknowledges that a Tenable employee may request access to the Evaluation Products in +the Customer environment (which may occur in a production container) in order to maximize the effectiveness of the Evaluation +Products and to set up certain configurations, and this may be done without the Customer being present but will be subject to prior +written consent from Customer. + +(c) Early Access. Tenable may make some versions of Products available to Customer on an alpha, beta, or early access +basis (each, an “Early Access Product”). Customer’s access to the Early Access Product may be discontinued at any time. Early +Access Products remain subject to all applicable license restrictions. Tenable may not offer Support Services for Early Access +Products. No warranty or service level commitment made under this Agreement will apply to Early Access Products. + +(d) Technology Partners. Tenable in its sole discretion may allow Customers who are technology partners (a “Technology +Partner”) to obtain an Evaluation license and use such evaluation license to create an interoperability (“Interoperability”) between +Tenable Products and their own products. At the conclusion of the Evaluation Term, Customer may apply for an NFR license at which +time Tenable may convert the Evaluation license to an NFR license. Tenable’s conversion to an NFR license shall be at Tenable’s sole +discretion and may require Interoperability validation by Tenable. + +(e) NFR. If Customer is a sales partner or Technology Partner to whom a “Not For Resale” or “NFR” license has been granted, +Customer’s license to the Product will commence upon Delivery and continue for a period of one year (unless the Ordering Document +sets forth a different term) and shall automatically renew for consecutive one (1) year terms unless either Party provides the other Party +with written notice of its non-renewal of the NFR license at least thirty (30) days before the expiration of the then-current term. +Notwithstanding the foregoing, Tenable may terminate Customer’s NFR license for its convenience upon thirty (30) days’ notice, or +immediately should Customer breach any obligations under this Agreement. + +(f) NFR Customer Prohibitions. Customer shall not purport to take on any obligation or responsibility, or make any +representations, warranties, guarantees or endorsements to anyone on behalf of Tenable, including without limitation, relating to Tenable +products, software, or services. Except as specifically permitted in this Agreement, Customer shall not state or imply that any of +Customer’s products have been endorsed, reviewed, certified or otherwise approved by Tenable. Customer may not use Products +provided under an NFR license: (i) in a production environment, (ii) to protect its own networks, (iii) as part of a service provided to its +customers, or (iv) to perform customer evaluations. + +(g) NFR Customer Representations. Customer hereby represent and warrant to Tenable that: (i) Customer will not intentionally +harm the reputation or goodwill of Tenable through any act or omission, and (ii) Customer have used commercially reasonable efforts +to ensure that any software, code, algorithm, API, etc., transferred to Tenable is free from any time bomb, virus, drop dead device, +worm, Trojan horse, or trap door that is designed to delete, disable, deactivate, interfere with, or otherwise harm hardware, data, or other +programs or that is intended to provide access or produce modifications not authorized by Tenable. + +(h) NFR Customer Responsibilities. Customer shall, at its sole cost and expense, defend (or at its option, settle) and indemnify +Tenable and Tenable’s subsidiaries and affiliates, and their officers, directors, employees, representatives and agents, from and against +any and all third party claims brought against Tenable based upon a claim that use of Customer’s software or Customer’s product in +accordance with this Agreement infringes such third party’s patent, copyright or trademark or misappropriates any trade secret, and shall +pay all settlements entered into and damages awarded to the extent based on such claim or action. + +14. General. + +This Agreement constitutes the entire agreement between the Parties, and supersedes all other prior or contemporaneous +communications between the Parties (whether written or oral) relating to the subject matter of this Agreement. No Customer document, +purchase order, request for proposal, or other specifications requirement shall modify, supersede, or become part of this Agreement, or +otherwise contractually bind Tenable unless signed by Tenable. The provisions of this Agreement will be deemed severable, and the +unenforceability of any one or more provisions will not affect the enforceability of any other provisions. If any provision of this +Agreement, for any reason, is declared to be unenforceable, the Parties will substitute an enforceable provision that, to the maximum +extent possible under applicable law, preserves the original intentions and economic positions of the Parties. Section headings are for +convenience only and shall not be considered in the interpretation of this Agreement. Customer agrees that Tenable may use Customer’s +name or logo in a customer list. Customer may not use Tenable’s name or logo without prior written consent and in accordance with +Tenable’s guidelines. No failure or delay by a Party in exercising any right, power or remedy will operate as a waiver of that right, +power or remedy, and no waiver will be effective unless it is in writing and signed by the waiving Party. If a Party waives any right, +power or remedy, the waiver will not waive any successive or other right, power or remedy the Party may have under this Agreement. +The Parties are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, +franchise or agency between the Parties. Nothing in this Agreement shall prevent Tenable from subcontracting any of its obligations +hereunder; provided, however, that Tenable’s use of a subcontractor shall not release Tenable from any duty or liability to fulfill its +obligations under this Agreement and Tenable shall be liable for any act or omission of a subcontractor to the same extent as if the act +or omission had been made by Tenable. This Agreement is not intended nor will it be interpreted to confer any benefit, right or privilege +in any person or entity not a party to this Agreement. Any party who is not a party to this Agreement has no right under any law to +enforce any term of this Agreement. Any provision of this Agreement that imposes or contemplates continuing obligations on a Party +and any section which by its nature is intended to survive will survive the expiration or termination of this Agreement, including Sections +3, 4, 6, 8, 9 and 11. + +15. Government Entities. This Section 15 shall only apply to Government Customers, as defined below. + +If Customer is an agency or instrumentality of a sovereign government (a “Government Customer”), all Government Customer +end users acquire the rights to use and/or access the Products and or Services with only those rights set forth herein (consistent with 48 +C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4). The terms and conditions of this Agreement govern Government +Customer’s use and disclosure of the Products and supersede any conflicting terms and conditions that may be applicable through the +Government Customer’s procurement regulations. If this Agreement fails to meet the Government Customer’s needs or is inconsistent +in any way with federal law, the government must return the Product, unused, to Tenable. If Customer is prohibited by law, regulation, +or relevant attorney general opinion from agreeing to any clause of this Agreement (collectively, “Restrictions”), the Agreement shall +be modified to the extent required under such Restrictions. Each of the components that constitute the Product is a “commercial item” +as that term is defined at 48 C.F.R. 2.101, consisting of “commercial computer software” and/or “commercial computer software +documentation” as such terms are used in 48 C.F.R. 12.212. + + +SCHEDULE A: SOFTWARE + +This Schedule for Tenable Software is subject to and made part of the Agreement. + +1. General. This Schedule governs Customer’s license of Software. + +2. License; Right to Use. Subject to the terms of the Agreement and payment of the applicable license fees, Tenable grants +Customer for the duration of the License Term a non-exclusive, non-transferable, non-sublicensable license to use the Software +(in object code form only) solely for Customer’s or Customer’s Affiliates own internal business purposes. Customer’s right to +install such Software is limited to use with the computers or machines for which the Software is registered for use. Customer +is permitted to make one copy of the Software for backup or archival purposes. + +3. Warranty. Tenable warrants that the Software shall materially conform to the Documentation for a period of thirty (30) days +after Delivery. Customer’s sole and exclusive remedy for breach of this warranty shall be for Tenable to, at its sole option: (i) +use commercially reasonable efforts to modify or correct the Software such that in all material respects it conforms to the +functionality described in the Documentation; or (ii) if Tenable is unable to restore such functionality within sixty (60) days, +Customer shall be entitled to a refund for the non-conforming Software. + +4. Open Source and Third Party Software. Any code or other intellectual property included as part of the Software that was +licensed to Tenable by third parties that is not marked as copyrighted by Tenable is subject to other license terms that are +specified in the Documentation available on Tenable’s website at https://docs.tenable.com/licensedeclarations/ (or a successor +location). Customer agrees to be bound by such other license terms. + +5. Compliance Rights. Tenable may, by itself or through an independent third party, review Customer’s usage of the Software to +confirm compliance with this Agreement or the applicable Ordering Document. Tenable shall: (i) provide Customer with +reasonable advance notice of the review; (ii) not request such review more than once per year; and (iii) not unreasonably +interfere with Customer’s business activities when conducting the review. + + +SCHEDULE B: HOSTED SERVICES + +This Schedule for Tenable Hosted Services is subject to and made part of the Agreement. + +1. General. This Schedule governs Customer’s use of the Hosted Services. + +2. License; Right to Use. Subject to the terms of the Agreement and payment of the applicable license fees, Tenable grants +Customer for the duration of the License Term a non-exclusive, non-transferable, non-sublicensable right to access the Hosted +Environment and use those modules of the Hosted Services set forth on a valid Ordering Document solely for Customer’s or +Customer’s Affiliates own internal business purposes. + +3. Warranty. Tenable warrants that the Hosted Services will materially comply with the functionality described in the +Documentation. Customer’s sole and exclusive remedy for breach of this warranty shall be for Tenable to use commercially +reasonable efforts to modify the Hosted Services to provide in all material respects the functionality described in the +Documentation. If Tenable is unable to restore such functionality within sixty (60) days, Customer shall be entitled to terminate +the Agreement and receive a pro-rata refund of any prepaid but unused fees for the nonconforming Hosted Services. Tenable +shall have no obligation with respect to a warranty claim hereunder unless Customer notifies Tenable of such claim within +thirty (30) days of the date the underlying condition first arose. This warranty shall only apply if the applicable Hosted Service +has been utilized in accordance with the Agreement and the Documentation. + +4. Acknowledgements. By initiating a Scan, Customer authorizes Tenable to access the Scan Targets in the context of the Scans. +Customer understands and acknowledges that the Scans may originate or appear to originate from a Tenable URL which could +cause Customer (or the owner of the Scan Targets) to believe they are under attack. Customer agrees not to pursue any claims +against Tenable as a result of any access to Scan Targets when such access was made in connection with an authorized Scan +unless such a claim is based on the gross negligence or willful misconduct of Tenable. + +5. Usage Requirements. Customer must provide current and accurate information in all submissions made in connection with the +Hosted Services, including registration information and the location of the Scan Targets to be Scanned. Tenable may, in its +reasonable discretion, prohibit or suspend access of certain users of the Hosted Services. In the event Tenable suspects or +anticipates such suspension, Tenable will, to the extent practical under the circumstances, use commercially reasonable efforts +to provide Customer with prior written notice of the suspension and an opportunity to cure the issue prior to (and in avoidance +of) suspension. Customer acknowledges that under certain circumstances such prior notice and/or cure period may not be +possible or practical. Customer agrees to safeguard and maintain the confidentiality of all user names and passwords. Customer +further agrees to use best efforts to ensure that no unauthorized parties have access to the Hosted Services through Customer’s +account and/or log-in credentials. Customer will promptly notify Tenable of any unauthorized access of which Customer is +aware or reasonably suspects. Customer is responsible for compliance with this Agreement and all use of the Hosted Services +through Customer’s account. + +6. PCI Scans. Tenable makes no guarantee that a successful completion of a PCI Scan will make Customer compliant with the +Payment Card Industry Data Security Standard. + +7. Data Retention Policy. Customer has the option to select the duration of the data retention period of Scan Data in the Hosted +Environment in accordance with the limitations described in the Documentation. Customer acknowledges that Tenable is in +no way responsible for any of Customer’s data retention compliance requirements. Tenable’s data retention policy with respect +to PCI Scans will match then-current requirements set forth by the PCI Security Standards Council. + +8. Service Level Agreement. Tenable commits to make access to the Hosted Environment available in accordance with Tenable’s +then-current service level agreement, available at http://static.tenable.com/prod_docs/Service_Level_Agreement.pdf (or a +successor location). + + +SCHEDULE C: PROFESSIONAL SERVICES + +This Schedule for Tenable Professional Services is subject to and made part of the Agreement. + +1. General. The Parties may agree, from time to time, on the purchase and sale of Tenable Professional Services, which may be +further described in a separate SOW or Services Brief. Except as otherwise agreed to by the Parties in writing, all Services +Briefs or SOWs will be governed by this Agreement. In the event of inconsistency between the Agreement and a signed SOW, +the signed SOW shall govern. + +2. Type of Services. Tenable offers a range of Professional Services; provided, however, unless otherwise agreed upon in writing, +Tenable does not offer creation of custom intellectual property. Tenable is not obligated to provide any Professional Services +except as mutually agreed in a Services Brief or SOW. + +3. Deliverables. “Deliverable(s)” means the reports, analysis, codes, scripts, slides, documents, examples and other written +materials or work results provided as part of the Professional Services. + +4. Intellectual Property Rights. + +(a) Grant of License in Deliverables. Tenable grants Customer a non-exclusive, non-transferable, irrevocable (except in case of +breach of the Agreement or SOW) perpetual right to use, copy and create derivative works from the Deliverables (without the +right to sublicense) for Customer’s or Customer’s Affiliates internal business operations, as contemplated by the applicable +SOW or Services Brief. +(b) Reservation of Rights. Except for the rights expressly granted herein to Customer, Tenable expressly reserve all other rights +in and to the Professional Services and Deliverables. Notwithstanding anything to the contrary in this Schedule, nothing shall +prevent Tenable from providing similar Professional Services to other customers and nothing in this Schedule shall be construed +to provide any intellectual property rights whatsoever in the Products (or any modifications or enhancements thereto) that +Tenable develops or makes generally available for sale to its customers. +(c) Pre-Existing Materials. Any pre-existing materials, proprietary item or intellectual property rights of either Party which is +disclosed or used in performing the Professional Services shall remain fully vested in such Party. Nothing in this Schedule +shall transfer any rights whatsoever in Tenable’s Products. Customer hereby grants to Tenable the intellectual property rights +(if any) required for Tenable to perform the Professional Services. + +5. Warranty. Tenable warrants that all Professional Services shall be performed in a professional manner and in accordance with +industry standards. Tenable further warrants for a period of ten (10) days from the service completion date that the Professional +Services shall materially conform to the applicable SOW or Services Brief. If Customer provides written notice of a nonconformity +during this warranty period, Tenable shall promptly confirm the non-conformity and upon confirmation, Tenable’s +entire liability and Customer’s exclusive remedy shall be for Tenable to use commercially reasonable efforts to re-perform the +Professional Services within a reasonable amount of time. If Tenable is unable to re-perform the Professional Services, then +Tenable may elect to refund amounts paid by Customer for the non-conforming Professional Services. + +6. Scheduling; Cancellation. Professional Services must be scheduled within nine (9) months of the date of the Ordering +Document under which such Professional Services were purchased and completed within twelve (12) months of the Ordering +Document. If Customer does not schedule the Professional Services within this time frame, Tenable shall have no obligation +to perform the Professional Services or provide a refund. Tenable shall have no obligation to perform the Professional Services +or provide a refund if Customer or Customer’s designated attendees do not attend a scheduled training session or cancel a +Professional Services engagement without providing proper notice. Customer must provide Tenable at least five (5) business +days’ notice to reschedule any Professional Services. Tenable reserves the right, directly or through a Reseller, to invoice +Customer monthly for travel expenses incurred in the prior month. + +7. Customer Responsibilities. For Professional Services occurring on Customer’s site, Tenable agrees to comply with applicable +and reasonable security procedures provided Customer provides Tenable with such written procedures in advance. Some of +the Professional Services may require Customer to have specialized knowledge or meet particular software or hardware +requirements (for example, appropriate computers or appliances, stable Internet connection or up-to-date web browsers or +operating system, etc.). If technical issues arise during the Professional Services, Tenable will use commercially reasonable +efforts to resolve such issues, but will have no liability based on Customer’s failure to meet technical requirements. Tenable +will not provide any refund based on Customer’s failure to meet these prerequisites. + +8. Changes. Either Party may request that a change be made to the Professional Services. Tenable reserves the right to charge a +fee for any material changes to the Professional Services. No changes shall be binding unless executed by both Parties. + +9. Non-Solicitation. During the term that Professional Services are being provided and for a period of one (1) year after their +completion, Customer will not, either directly or indirectly, solicit for employment any person employed by Tenable or any of +its Affiliates that have provided Customer Professional Services under this Agreement. For the avoidance of doubt, this +restriction shall not prevent Customer from hiring based on a response to Customer’s advertising in good faith to the general +public a position or vacancy to which an employee or worker of Tenable responds, provided that no such advertisement shall +be intended to specifically target Tenable personnel. + + +Tenable Confidential and Proprietary Tenable Master Agreement v.6 2.2023 |