7/28/2019 LEG R7+Community+EULA+Oct+2011

1/4

Last Modified Oct 2011

Rapid7 End User License and Services Terms and Cond itions

Customer agrees to be bound by the following terms and conditions (this Agreement) in connection with its purchase and use of certain Rapid7 LLCs(Rapid7) Software and Services (each as defined below). Before installing and using any Software and/or obtaining and using any Services you shouldread this Agreement carefully. Clicking accept or otherwise installing and/or using the Software and/or obtaining and/or using any Services establishes abinding agreement between Rapid7 and you as the person licensing the Software and/or obtaining the Services; provided that if you are entering into thisAgreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to this Agreement, in which case theterm "Customer" shall refer to such entity. If you do not have such authority or if you do not accept all of the terms of this Agreement, you shall have notright to install and/or use the Software and/or obtain and/or use any Services.

1. DEFINITIONS

1.1 Content Updates means content used by certain Rapid7 Softwarewhich is updated from time to time, including but not limited to updatedvulnerability signatures for vulnerability assessment products and exploitsfor penetration testing products.

1.2 Documentation means the published and generally available usermanuals andwritten materials Rapid7 delivers or makes available with theSoftware.

1.3 License Term shall mean the period in which Customer is authorized toutilize the Software. Each License Term shall be listed on the applicableProduct Order Form and shall commence on the date Customer is deliveredthe Software.

1.4 Metasploit Products shall mean Rapid7s proprietary penetrationtesting products currently marketed under the names MetasploitExpress,

MetasploitPro and MetasploitCommunity Edition.

1.5 Nexpose Products shall mean Rapid7s proprietary networkscanning and vulnerability products currently marketed under the namesNexpose Express, Nexpose Consultant, Nexpose Enterprise andNexposeCommunity Edition.

1.6 Product Order Form means either Rapid7s online registration form orother ordering document entered into by Customer and Rapid7 whichidentifies the Software or any hardware ordered by Customer from Rapid7,sets forth the price to be paid for such Software or hardware and sets forththe number of Users who may access and use the Software (for MetasploitProducts and Nexpose Products) and the number of IP addresses that maybe scanned by the Software (for Nexpose Products).

1.7 Services means Rapid7s maintenance and support services andprofessional services as described herein.

1.8 Software" means those Rapid7 Metasploit Products and/or NexposeProducts listed on the applicable Product Order Form and all updates,enhancements, bug fixes and new releases thereto that Rapid7 elects in itsdiscretion to make available to Customer.

1.9 User means those specific individual named users who are grantedaccess to the Software by Customer. For the sake of clarity, Users shallinclude full and part-time employees, contractors, agents, or other workersof Customer; provided, however each individual person shall count as onlyone User. Once a User has been deactivated by the Softwaresadministrator (even if as a result of employee turnover) such User licensemay be transferred to another person.

2. SOFTWARE LICENSES

2.1. License to Metasploit Products. To the extent that Customer haslicensed any of Rapid7s proprietary Metasploit Products then the followinglicense terms, as applicable, shall apply:

(a) For Metasploit Express: Subject to the terms and conditions ofthis Agreement, Rapid7 hereby grants to Customer, during the License

Term only, a non-exclusive, non-transferable license to allow the number ofUsers set forth on the Product Order Form to use such Software (in objectcode form only) solely for network penetration testing purposes, solely inaccordance with any restrictions on use set forth on the Product OrderForm and only in accordance with the applicable Documentation.Customer shall ensure that its use of the Software does not exceed thenumber of Users set forth on the Product Order Form.

(b) For Metasploit Pro: Subject to the terms and conditions of thisAgreement, Rapid7 hereby grants to Customer, during the License Termonly, a non-exclusive, non-transferable license to use such Software (in

object code form only) solely for network penetration testing purposesolely in accordance with any restrictions on use set forth on the ProdOrder Form and only in accordance with the applicable DocumentatioCustomer shall ensure that its use of the Software does not exceed tnumber of Users, machines, seats and/or other restrictions set forth on tProduct Order Form (all as more fully described on such Product OrdForm).

(c) For Metasploit Community Edition. Subject to the terms aconditions of this Agreement, Rapid7 hereby grants to Customer, forperiod of one (1) year from the date Customer first downloads the Softwaa non-exclusive, non-transferable license to allow one (1) User only to usuch Software (in object code form only) solely for network penetrattesting purposes, solely in accordance with any restrictions on use set foron the Product Order Form and only in accordance with the applicabDocumentation. Customer shall ensure that its use of the Software donot exceed one (1) User. Customer shall cease using the Software at t

expiration of the one year period referenced above unless such licenseterminated earlier in accordance with this AgreemeNOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN, THSOFTWARE IS PROVIDED AS IS AND ALL WARRANTIES, EXPRESOR IMPLIED, ARE EXCLUDED AND DISCLAIMED, INCLUDINWITHOUT LIMITATION THE IMPLIED WARRANTIES OMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NOINFRINGEMENT, AND ANY WARRANTIES ARISING BY STATUTE OOTHERWISE IN LAW OR FROM COURSE OF DEALING, COURSE OPERFORMANCE, OR USE OF TRADE. Sections 5.1, 5.2 and 10 shall

be applicable to the Software.

(d) For Evaluation or Trial Licenses to any Metasploit Products. Customers Product Order Form specifies that its license to the applicaMetasploit Product is for a trial or evaluation only then Customer shall haa non-exclusive, non-transferable, revocable license to use the applicab

Metasploit Product (in object code form only) solely for Customers interevaluation purposes and solely for the term specified on the Product OrdForm. Rapid7 may revoke Customers license at any time and for areason. Sections 5.1, 5.2 and 10 shall not be applicable to any evaluat

or trial license of the Metasploit Product.

2.2. License to Nexpose Products. To the extent that Customer hlicensed any of Rapid7s proprietary Nexpose Products then the followlicense terms, as applicable, shall apply:

(a) For Nexpose Express. Subject to the terms and conditions of tAgreement, Rapid7 hereby grants to Customer, during the License Teonly, a non-exclusive, non-transferable license to allow one User to usuch Software (in object code form only) solely for purposes of scannauthorized IP addresses. For the sake of clarity, Customer may also scIP addresses of third parties provided that such third party has authorizCustomer to perform such scan. Customer shall ensure that when us

the Software it does not scan more IP addresses than those set forth on tProduct Order Form and shall comply with any other restrictions on use forth on the Product Order Form.

(b) For Nexpose Consultant. Subject to the terms and conditionsthis Agreement, Rapid7 hereby grants to Customer, during the Licen

Term only, a non-exclusive, non-transferable license to allow one Userinstall the Software (in object code form only) solely on one (1) laptcomputer and to use such Software for purposes of scanning authorizedaddresses. For the sake of clarity, Customer may also scan IP addressof third parties provided that such third party has authorized Customer perform such scan. Customer shall ensure that when using the Softwaredoes not scan more IP addresses than those set forth on the Product OrdForm and shall comply with any other restrictions on use set forth on t

7/28/2019 LEG R7+Community+EULA+Oct+2011

2/4

Product Order Form.

(c) For Nexpose Enterprise. Subject to the terms and conditions ofthis Agreement, Rapid7 hereby grants to Customer a perpetual, non-exclusive, non-transferable license to allow an unlimited number of Users touse such Software (in object code form only) for purposes of scanningauthorized IP addresses. For the sake of clarity, Customer may also scanIP addresses of third parties provided that such third party has authorizedCustomer to perform such scan. Customer shall ensure that when usingthe Software it does not scan more IP addresses than those set forth on the

Product Order Form and shall comply with any other restrictions on use setforth on the Product Order Form.

(d) For Nexpose Community Edition. Subject to the terms andconditions of this Agreement, Rapid7 hereby grants to Customer a non-exclusive, non-transferable license to allow one (1) User only to use suchSoftware (in object code form only) solely for purposes of scanning up tothirty-two (32) authorized IP addresses, solely in accordance with anyrestrictions on use set forth on the Product Order Form and only inaccordance with the applicable Documentation. Customer shall ensure thatits use of the Software does not exceed one (1) User and that it does notuse the Software to perform vulnerability scans for more than 32 IPaddresses (each an IP Address License). Customer may, however,deactivate such IP Address Licenses, in total, and re-allocate such IPAddress Licenses to replacement IP Addresses no more than one time persix (6) month period. NOTWITHSTANDING ANYTHING TO THECONTRARY HEREIN, THE SOFTWARE IS PROVIDED AS IS AND ALL

WARRANTIES, EXPRESS OR IMPLIED, ARE EXCLUDED ANDDISCLAIMED, INCLUDING WITHOUT LIMITATION THE IMPLIEDWARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISINGBY STATUTE OR OTHERWISE IN LAW OR FROM COURSE OFDEALING, COURSE OF PERFORMANCE, OR USE OF TRADE. Sections5.1, 5.2 and 10 shall not be applicable to the Software.

(e) For Evaluation or Trial Licenses to any Nexpose Products. IfCustomers Product Order Form specifies that its license to the applicableNexpose P roduct is for a trial or evaluation only then Customer shall have anon-exclusive, non-transferable, revocable license to use the applicableNexpose Product (in object code form only) solely for Customers internalevaluation purposes and solely for the term specified on the Product OrderForm. Rapid7 may revoke Customers license at any time and for anyreason. Sections 5.1, 5.2 and 10 shall not be applicable to any evaluation

or trial license of the Nexpose Product.2.3. Delivery and Copies. Delivery shall be deemed to have been madeupon Rapid7 providing Customer with instructions to download theSoftware from a Rapid7 designated download site. Notwithstandinganything to the contrary herein, Customer may make a reasonable numberof copies of the Software for the sole purpose of backing-up and archivingthe Software. Each copy of the Software is subject to all of the terms andconditions of this Agreement and must contain the same titles, trademarks,and copyright notices as the original. To the extent that Rapid7 sells anyhardware to Customer, then all shipments are FOB Rapid7 designatedshipping facility and shall be deemed accepted by Customer upon delivery.

2.4. Restrictions. As between the parties, Rapid7 retains all right, titleand interest in and to the Documentation, Software, Content Updates andin all copies, modifications and derivative works of the Documentation,Software and Content Updates including, without limitation, all rights topatent, copyright, trade secret, trademark and other proprietary orintellectual property rights. Customer will not and will not allow a third partyto: (i) decompile, reverse engineer, disassemble or otherwise attempt toderive, analyze or use any source code or underlying ideas or algorithmsrelated to the Software by any means whatsoever, except and only to theminimal extent the provisions of this Section are expressly prohibited byapplicable statutory law or (ii) remove any product identification, copyrightor other notices in the Software or on any Software. Customer agrees tohold in confidence, not disclose, and not use the Software or the ContentUpdates except as expressly permitted herein. Customer further agreesthat it shall not use the Software for the purposes of conductingcomparative analysis, evaluations or product benchmarks with respect tothe Software without Rapid7s prior written approval. Customer recognizesand agrees that there is no adequate remedy at law for a breach of thisSection 2.4 and that such breach would irreparably harm Rapid7 for which

monetary damages would not be an adequate remedy and that Rapid7entitled to equitable relief in addition to any other remedies.

3. FEES AND PAYMENT TERMS

Customer shall pay Rapid7 the fees, charges and other amounts specifon the Product Order Form in accordance with the payment terms set foon the Product Order Form. Customer shall be responsible for all shippcosts and taxes levied on any transaction under this Agreement, includinwithout limitation, all federal, state, and local sales taxes, levies aassessments, excluding, however, any taxes based on Rapid7's incom

Customer shall also pay all reasonable travel and out-of-pocket expensincurred by Rapid7 in connection with any Services rendered but only to textent such expenses have been pre-approved in advance by Customer.

4. CONTENT UPDATES

For so long as Customer subscribes to Rapid7s maintenance and suppservices for the Software, Customer is granted the right to use, as part the Software, such Content Updates as and when they are made generaavailable to Rapid7s end user customers who are covered by Rapid7maintenance and support services for such Software. This Agreement donot otherwise permit Customer to obtain and use Content Updates.

5. LIMITED WARRANTY

5.1. Warranty. Rapid7 warrants that (a) for a period of one (1) yefollowing the initial delivery of any hardware product purchased Customer from Rapid7 and (b) for a period of ninety (90) days following t

initial delivery of any Software to Customer, the hardware or Software, the case may be, will perform in conformity with its Documentation, in material respects. Such warranty does not apply to hardware or Softwathat has been damaged, mishandled, mistreated, altered or used maintained or stored other than in conformity with this Agreement and tDocumentation. Rapid7 further represents and warrants all Services will provided with reasonable skill and care conforming to generally acceptindustry standards.

5.2. Remedy. If the above warranties are breached, Rapid7 will, at option and at no cost to Customer, (a) provide remedial services necessato enable the hardware, Software or Services to conform to the warranty,(b) replace any defective hardware or Software, or (c) refund amounts paby Customer and received by Rapid7 in respect of the defective hardwaSoftware or Services. Customer will provide Rapid7 with a reasonabopportunity to remedy any breach and reasonable assistance in remedyiany defects. Customer will notify Rapid7 in writing of any breach

warranty promptly after becoming aware of the same, but in any evewithin the warranty periods set forth in Section 5.1. The remedies set outhis subsection are Customers sole and exclusive remedies for breach the above warranties.

5.3. No Other Warranty. TO THE MAXIMUM EXTENT PERMITTED APPLICABLE LAW, THE WARRANTIES SET FORTH IN THIS SECTIO5 ARE CUSTOMERS EXCLUSIVE WARRANTIES AND ARE IN LIEU O

ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIEINCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OMERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR PARTICULAR PURPOSE, AND NONINFRINGEMENT OINTELLECTUAL PROPERTY RIGHTS. RAPID7 MAKES NWARRANTIES OR REPRESENTATIONS THAT THE SOFTWARE, ANHARDWARE, ANY SERVICES OR ANY CONTENT UPDATES WIMEET CUSTOMERS REQUIREMENTS OR THAT OPERATION OR USOF THE SOFTWARE, HARDWARE OR CONTENT UPDATES WILL B

UNINTERRUPTED OR ERROR-FREE. RAPID7 MAKES NO WARRANTHAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BUSE OF THE SOFTWARE OR THAT FALSE POSITIVES WILL NOT BFOUND. CUSTOMER MAY HAVE OTHER WARRANTY RIGHTS, WHICMAY VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY.

6. LIMITATION OF LIABILITY.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW ANREGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREFAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL CUSTOMEOR RAPID7 OR ANY OF RAPID7S LICENSORS, RESELLERSUPPLIERS OR AGENTS BE LIABLE TO THE OTHER PARTY FOR

ANY COSTS OF PROCUREMENT OF SUBSTITUTE OR REPLACEMENGOODS AND SERVICES, LOSS OF PROFITS, LOSS OF USE, LOSS O

7/28/2019 LEG R7+Community+EULA+Oct+2011

3/4

OR CORRUPTION TO DATA, BUSINESS INTERRUPTION, LOSS OFPRODUCTION, LOSS OF REVENUES, LOSS OF CONTRACTS, LOSSOF GOODWILL, OR ANTICIPATED SAVINGS OR WASTEDMANAGEMENT AND STAFF TIME; (ii) ANY SPECIAL,CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES WHETHER

ARISING DIRECTLY OR INDIRECTLY OUT OF THIS AGREEMENT,EVEN IF CUSTOMER, RAPID7 OR RAPID7S LICENSORS,RESELLERS, SUPPLIERS OR AGENTS HAVE BEEN ADVISED SUCHDAMAGES MIGHT OCCUR OR (iii) ANY CLAIMS OR DAMAGES INEXCESS OF THE FEES CUSTOMER PAID RAPID7 FOR THE

HARDWARE, SOFTWARE OR SERVICES GIVING RISE TO THE CLAIM.NOTHING IN THIS AGREEMENT SHALL OPERATE SO AS TOEXCLUDE OR LIMIT A PARTYS LIABILITY FOR DEATH ORPERSONAL INJURY ARISING OUT OF NEGLIGENCE OR FOR ANYOTHER LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED BYLAW. THE LIMITATIONS CONTAINED IN THIS SECTION 6 SHALL

ALSO NOT APPLY TO (A) A BREACH BY A PARTY OF ITSOBLIGATIONS SET FORTH IN SECTION 8 BELOW(CONFIDENTIALITY), (B) A VIOLATION BY CUSTOMER OF ANY OFRAPID7S INTELLECTUAL PROPERTY RIGHTS IN AND TO THESOFTWARE OR USE OF THE SOFTWARE BY CUSTOMER EXCEPT ASEXPRESSLY PERMITTED HEREIN, OR (C) ANY AMOUNTS DUERAPID7 UNDER THIS AGREEMENT.

7. USAGE VERIFICATION

At Rapid7s written request, and no more than every six (6) months,Customer shall provide Rapid7 with a signed certification verifying that theSoftware is being used pursuant to the provisions of this Agreement. Inaddition to the foregoing, at Rapid7s written request, Customer will permitRapid7 to review and verify Customers records, deployment and use of theSoftware for compliance with the terms and conditions of this Agreement, atRapid7s expense. Any such review shall be scheduled at least ten (10)days in advance, shall be conducted during normal business hours atCustomers facilities, and shall not unreasonably interfere with Customersbusiness activities.

8. CONFIDENTIALITY

8.1 Confidential Information. During the term of this Agreement,each party will regard any information provided to it by the other party anddesignated in writing as proprietary or confidential to be confidential(Confidential Information). Confidential Information shall also includeinformation which, to a reasonable person familiar with the disclosingparty's business and the industry in which it operates, is of a confidential or

proprietary nature. A party will not disclose the other partys ConfidentialInformation to any third party without the prior written consent of the otherparty, nor make use of any of the other partys Confidential Informationexcept in its performance under this Agreement. Each party acceptsresponsibility for the actions of its agents or employees and shall protectthe other partys Confidential Information in the same manner as it protectsits own valuable confidential information, but in no event shall less thanreasonable care be used. The parties expressly agree that the Softwareand the terms and pricing of this Agreement are the ConfidentialInformation of Rapid7. The receiving party shall promptly notify thedisclosing party upon becoming aware of a breach or threatened breachhereunder, and shall cooperate with any reasonable request of thedisclosing party in enforcing its rights.

8.2 Exclusions. Information will not be deemed ConfidentialInformation hereunder if such information: (i) is known prior to receipt fromthe disclosing party, without any obligation of confidentiality; (ii) becomes

known to the receiving party directly or indirectly from a source other thanone having an obligation of confidentiality to the disclosing party; (iii)becomes publicly known or otherwise publicly available, except through abreach of this Agreement; or (iv) is independently developed by thereceiving party. The receiving party may disclose Confidential Informationpursuant to the requirements of applicable law, legal process orgovernment regulation, provided that it gives the disclosing partyreasonable prior written notice to permit the disclosing party to contest suchdisclosure, and such disclosure is otherwise limited to the requireddisclosure.

9. TERMINATION

This Agreement or a Product Order Form may be terminated (a) by eitherparty if the other party is adjudicated as bankrupt, or if a petition in

bankruptcy is filed against the other party and such petition is ndischarged within sixty (60) days of such filing, or (b) by either party if tother party materially breaches this Agreement or the Product Order Foand fails to cure such breach to such partys reasonable satisfaction withthirty (30) days following receipt of written notice thereof. Customelicense to use the Software shall also terminate upon the expiration of tapplicable License Term. Upon any termination of this Agreement orProduct Order Form by Rapid7, all applicable licenses are revoked aCustomer shall immediately cease use of the applicable Software acertify in writing to Rapid7 within thirty (30) days after termination th

Customer has destroyed or returned to Rapid7 such Software and copies thereof. Termination of this Agreement or a license granthereunder shall not limit either party from pursuing any remedies availabto it, including injunctive relief, or relieve Customer of its obligation to pay fees that have accrued, have been paid, or have become payable Customer hereunder. All provisions of this Agreement which by their natuare intended to survive the termination of this Agreement shall survive sutermination.

10. INDEMNIFICATION

10.1 Indemnification. Rapid7 will defend and indemnify, at its oexpense, any third party claim against Customer that arises due to a clathat the Software infringes any valid United States copyright or involves tmisappropriation of a trade secret. Rapid7 will pay such damages or coas are finally awarded against Customer or agreed to in settlement for suclaim provided that Customer gives Rapid7: (a) written notice of any suclaim or threatened claim within ten (10) days of Customer being maaware of the claim or threat; (b) sole control of the defense, negotiatioand settlement of such claim; and (c) full cooperation in any defense settlement of the claim (at Rapid7s cost). Rapid7 will not be liable for tsettlement of a claim made without Rapid7s prior written consent.

If Customers use of the Software results in, or in Rapid7s opinion is liketo become subject to a claim of infringement or misappropriation, thRapid7 will, at its sole option and expense, either: (i) obtain for tCustomer the right to continue using the Software; (ii) replace or modify tSoftware so that it is non-infringing and substantially equivalent in functto, and interchangeable with, the infringing Software; or (iii) if options (i) a(ii) above cannot be accomplished despite the reasonable efforts of Rapidthen Rapid7 may terminate Customers rights to use the infringSoftware. When option (iii) is elected, Rapid7 will refund all collectlicense fees under this Agreement for the infringing Software on a montdeclining straight-line basis over a forty-eight (48) month period fro

delivery. THE RIGHTS GRANTED TO CUSTOMER UNDER TH

SECTION 10 SHALL BE CUSTOMERS SOLE AND EXCLUSIV

REMEDY FOR ANY ALLEGED INFRINGEMENT BY TH

SOFTWARE OF ANY PATENT, COPYRIGHT OR OTHE

PROPRIETARY RIGHT.

10.2 Exclusions. Rapid7 shall have no obligation under this Secti10 with respect to any claim of infringement or misappropriation basupon: (i) combination of the Software with products, programs or data nfurnished by Rapid7 where, but for the combination, the claim would habeen avoided; (ii) any modification of the Software not performed Rapid7, if such claim would have been avoided by use of the unmodifiSoftware; (iii) compliance by Rapid7 with Customers custom requiremenor specifications if and to the extent such compliance with Customecustom requirements or specifications resulted in the infringement; or (failure of Customer to use a replacement Software provided by Rapid7Customer in a timely manner to avoid such claim of infringement

misappropriation.

11. TECHNICAL SUPPORT AND PROFESSIONAL SERVICES

11.1 Maintenance and Support Services. Rapid7 offers multipmaintenance and support programs for the Software. The maintenancand support program selected by Customer shall be as set forth on thapplicable Product Order Form and shall be further subject to Rapid7maintenance and support policies, copies of which are located ahttp://www.rapid7.com/services/support/index.jsp.

11.2 Professional Services. Rapid7 shall provide Customer certprofessional services, such as installation, configuration, consulting, traininpenetration testing, and external scanning, if and as specified on a P rodOrder Form or a separate statement of work (SOW) executed by the parti

7/28/2019 LEG R7+Community+EULA+Oct+2011

4/4

All changes to an SOW must be approved by both parties in writing. Unlessotherwise provided on a Product Order Form or SOW, Customer isresponsible for installing and configuring all Software. Rapid7 shall havesole discretion in staffing the professional services and may assign theperformance of any portion of the professional services to anysubcontractor; provided that Rapid7 shall be responsible for theperformance of any such subcontractor. Customer shall designate at leastone employee with knowledge of Customers business and Rapid7stechnology and services as its primary contact to be available forcommunication with Rapid7 in providing the professional services.

Customer will cooperate with Rapid7, will provide Rapid7 with accurate andcomplete information, will provide Rapid7 with such assistance and accessas Rapid7 may reasonably request, and will fulfill its responsibilities as setforth in this Agreement and the SOW or Product Order Form, as the casemay be. Customer will have a non-exclusive, non-transferable license touse any deliverables or other work product developed by Rapid7 in theperformance of the professional services and which is delivered toCustomer, upon Customer's payment in full of all amounts due for suchdeliverables or work product. Rapid7 retains ownership of all information,software and other property owned by it prior to this Agreement or which itdevelops independently of this Agreement and all deliverables and workproduct compiled or developed by Rapid7 in the performance of theprofessional services.

12. GENERAL PROVISIONS

12.1. Miscellaneous. (a) This Agreement shall be construed in accordancewith and governed for all purposes by the laws of the State of Delaware,excluding its choice of law provisions; (b) this Agreement, along with theaccompanying Product Order Forms constitutes the entire agreement andunderstanding of the parties hereto with respect to the subject matter hereofand supersedes all prior agreements and undertakings, both written and oral;(c) this Agreement and each Product Order Form may not be modified exceptby a writing signed by each of the parties; (d) in case any one or more of theprovisions contained in this Agreement shall for any reason be held to beinvalid, illegal or unenforceable in any respect, such invalidity, illegality orunenforceability shall not affect any other provisions of this Agreement but thisAgreement shall be construed as if such invalid, illegal or other unenforceableprovision had never been contained herein; (e) Customer shall not assign itsrights or obligations hereunder without Rapid7's advance written consent;(f) subject to the foregoing subsection (e), this Agreement shall be bindingupon the and shall inure to the benefit of the parties hereto and theirsuccessors and permitted assigns; (g) no waiver of any right or remedyhereunder with respect to any occurrence or event on one occasion shall

be deemed a waiver of such right or remedy with respect to suchoccurrence or event on any other occasion; and (h) the headings to thesections of this Agreement are for ease of reference only and shall notaffect the interpretation or construction of this Agreement..

12.2. Export. Customer acknowledges that the export of the Software issubject to export or import control and Customer agrees that the Softwareor the direct or indirect product thereof will not be exported (or re-exportedfrom a country of installation) directly or indirectly, unless Customer obtainsall necessary licenses from the U.S. Department of Commerce or otheragency as required by law. In furtherance of Customers export restrictionagreements set forth above, Customer agrees as follows: (a) Customerrepresents that it is not under the control of the government of Cuba, Iran,Sudan, North Korea, Syria, or any country to which the United States hasprohibited export; (b) Customer will not download or otherwise export or re-export the Software or Documentation, directly or indirectly, to the countriesreferenced above or to citizens, nationals or residents of those countries;

(c) Customer represents that it is not listed on the United StatesDepartment of Treasury lists of Specially Designated Nationals, SpeciallyDesignated Terrorists, and Specially Designated Narcotic Traffickers, nor isCustomer listed on the United States Department of Commerce Table ofDenial Orders; and (d) Customer will not allow the Software to be used forany purposes prohibited by United States law, including, without limitation,for the development, design, manufacture or production of nuclear,chemical or biological weapons of mass destruction.

12.3. Compliance with Law. Customer acknowledges that the Softwarecan be configured by the user to obtain access to information usingpenetration techniques that may cause disruption in systems or servicesand may cause data corruption. Denial of Service attacks may be run oncommand that will attempt to render systems and services unavailable toauthorized users. Customer specifically agrees that the Software will only

be used to target devices under the authorized control of the Customer ain a way in which damage to systems or loss of access or loss of data wcreate no liability for Rapid7 or any third party. Customer further agreesstrictly comply with all federal, state and local laws and regulatiogoverning the use of network scanners, vulnerability assessment softwaproducts, hacking tools, encryption devices, and related software in

jurisdictions in which systems are scanned or scanning is controlled.

12.4. Government Restricted Rights. This Section 12.4 applies to acquisitions of the Software by or for the federal government, or by aprime contractor or subcontractor (at any tier) under any contract, gracooperative agreement or other activity with the federal government. TSoftware was developed at private expense and is Commercial CompuSoftware, as defined in Section 12.212 of the Federal AcquisitiRegulation (48 CFR 12.212 (October 1995)) and Sections 227.7202-1 a227.7202-3 of the Defense Federal Acquisition Regulation Supplement (CFR 227.7202-1, 227.7202-3 (June 1995)). Accordingly, any uduplication or disclosure by the Government or any of its authorized useis subject to restrictions as set forth in this standard license agreement the Software. If for any reason, Sections 12.212, 227.7202-1 or 227.7202are deemed not applicable, then the Government's rights to use, duplicaor disclose the Software are limited to "Restricted Rights" as defined in CFR Section 52.227-19(c)(1) and (2) (J une 1987), or DFARS 252.227014(a)(14) (J une 1995), as applicable. If this Agreement fails to meet tgovernment's needs or is inconsistent in any respect with Federal law, tgovernment agrees to return the Software, unused, to RapidManufacturer is Rapid7, LLC, 545 Boylston Street, Boston, MA 02116.

12.5. Relationship of the Parties. Rapid7 and Customer are independcontractors, and nothing in this Agreement shall be construed as makthem partners or creating the relationships of employer and employemaster and servant, or principal and agent between them, for any purpowhatsoever. Neither party shall make any contracts, warranties representations or assume or create any obligations, express or implied,the other party's name or on its behalf.

12.6. Force Majeure. Except for the obligation to make paymennonperformance of either party shall be excused to the extent thperformance is rendered impossible by strike, fire, flood, governmental aor orders or restrictions, failure of suppliers, or any other reason whefailure to perform is beyond the reasonable control of the non-performiparty.

12.7. Third Party Software. Customer acknowledges that the Softwamay contain or be accompanied by certain third party hardware a

software products (Third-Party Products). These Third Party Productsany, are identified in, and subject to, special license notices, terms andconditions as set forth in the Product Order Form, the Third Party Produpackaging and/or in a text file, installation file or similar file or foldaccompanying the Software (Third-Party Notices). The Third-PaNotices may include important licensing and warranty information adisclaimers. In the event of conflict between the Third-Party Notices and tother portions of this Agreement, the Third-Party Notices will taprecedence (but solely with respect to the Third-Party Products to which t

Third-Party Notices relate). Customer acknowledges that the Third-PaProducts are licensed for use solely with the Software and may not be uson a stand-alone basis or with any other third party products and thSections 5.1 and Section 10 of this Agreement shall not be applicable to t

Third-Party Products.

12.8. Notices. Any demand, notice, consent, or other communicatirequired by this Agreement must be given in writing and shall be deem

delivered upon receipt when delivered personally or upon confirmationreceipt following delivery by a nationally recognized overnight courservice, in each case addressed to the receiving party at its address sforth on the applicable Product Order Form. Either party may change address by giving written notice of such change to the other party.