Picus Security End User License Agreement (EULA) BY DOWNLOADING, INSTALLING, COPYING, ACCESSING OR USING THIS SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF ANOTHER PERSON OR COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON, COMPANY OR LEGAL ENTITY TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS: DO NOT DOWNLOAD, INSTALL, COPY, ACCESS OR USE THE SOFTWARE, AND PROMPTLY RETURN THE SOFTWARE AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM YOU ACQUIRED THEM Definitions. “Authorized Partner” means any of Picus Security’s distributors, resellers or other business partners. “Affiliate” means an entity controlling, controlled by, or under common control with You, where control is established by a majority ownership (greater than fifty percent (50%)) in or over an entity; provided, however, that the term “Affiliate” shall not include an entity which is a direct competitor of Picus Security. “Product License Certificate” means a confirmation notice letter issued electronically by Picus Security to you, confirming Software and Support purchased by you, including the applicable product usage right, as defined in the Product Usage Right Definitions (further described at Section 3(a) below) and send alongside with the license file and the installation/download guide. “You” means the individual, company, Affiliates, or other legal entity that has placed an Order, is the ultimate end user of the Products. “Documentation” means explanatory materials in printed, electronic or online form accompanying the Software in English and other languages, if available. “Order” means purchase order placed to Picus Security by You and by an authorized partner on behalf of You. “License Usage Right” means a non-exclusive, personal, non-transferable, time limited right to use the Products in accordance with this Agreement and the Order. “Fees” means the agreed upon fees in an Order. “Term” means the agreed upon time period in an Order. “Picus Security” means, Picus Bilisim Guvenlik Ticaret Anonim Sirketi, with offices located at Üniversiteler Mah. 1596. Cad. Arge 1 No: 12 Beytepe 06800 Çankaya ANKARA TURKEY “Peer” means the software component provided by Picus Security and that is used to test and validate the security level of the security devices where the Picus scan executed ”Vector” means the unidirectional cyber-attack execution path between two peers. “Permitted Capacity” means the number of Peers, type of Peers, number of Vectors, type of Vectors, or other license metrics as set forth in the Order. “Error” means a material failure of the Product to conform to the Documentation, which is reported by You and replicable by Picus Security. “Software” means each Picus Security software program in object code format licensed by Picus Security and purchased from Picus Security or its Authorized Partners, including Upgrades. “Subsidiary” refers to any entity controlled by you through greater than fifty per cent (50%) ownership of the voting securities. “Support” or “Technical Support” means the support services offered by Picus Security for the support and maintenance of the Software. “Updates” are related to content and include without limitation signature sets, policy updates, database updates for the Software which are made generally available to Picus Security’s customer base as a part of purchased Support and which are not separately priced or marketed by Picus Security. “Upgrade” means any and all improvements in the Software which are made generally available to Picus Security’s customer base as part of purchased Support and which are not separately priced or marketed by Picus Security. Licence Usage Right. Subject to the provisions contained in this Agreement, and timely payment of the applicable fees, Picus Security hereby grants You, for the Term, a License, to use the Products identified in the Order solely for Your internal cyber security needs up to the Permitted Capacity set forth in the Order. Subject to compliance with the terms of this Agreement, You may relocate or transfer the on-premise Product for use on a different server within your location. You shall not, and shall not permit anyone else to copy the Products, other than copies made solely for data backup and testing purposes. Any source code provided to You by Picus Security is subject to the terms of this Agreement. You understand that your right to use the Products is limited by the Permitted Capacity purchased, and You and Your Affiliates combined use may in no event exceed the Permitted Capacity authorized under the applicable Order. The Permitted Capacity provided in the Order(s) represents maximum amounts that You have been allowed to for the Term. If Your use exceeds the Permitted Capacity, You must purchase additional Permitted Capacity sufficient for the balance of the then-current Subscription Term to cover the excess use. In the case of Perpetual license use, access to updates and upgrades are allowed if a valid Technical Support has been purchased by You. After a Technical Support expires or in the absence of a valid Technical Support, You are not granted rights to Updates and Upgrades. Picus software cannot be used by third party testing facilities to publish success rates of vendor technologies such as intrusion prevention systems, antivirus/malware solutions and others. Licensed, including trial and demo, Picus users also cannot publish Picus findings to compare security vendors or providers. In the same way, Picus findings cannot be shared, communicated or published as the success rates of vendors or providers. Picus assessments intend to reveal success rates of different security control practices applied in different network environments, used by different security professionals with different processes and technologies. In this respect, Picus findings may differ for the same security control technology in different environments. Copy and Use terms. Product Usage Right:The use of the Software depends on the licences purchased and is subject to the usage rights stated on the Product License certificate and the permitted capacity which are defined in the pricing quotations by Picus Security and its partners and the applicable date of your Product License Certification. Term: The licence is effective for a limited period of time (“Term”) in the event that such Term is set forth in the Grant Letter, otherwise the licences shall be perpetual. Subsidiaries: You may permit use of the Software in accordance with the terms of this Agreement by a Subsidiary only for so long as such entity remains your Subsidiary. You shall be responsible and fully liable for each Subsidiary’s compliance with or breach of the terms of this Agreement. Managing Party: If you enter into a contract with a third party in which the third party manages your information technology resources (“Managing Party”), you may transfer all your rights to use the Software to such Managing Party, provided that (a) the Managing Party only uses the Software for your internal operations and not for the benefit of another third party or the Managing Party, (b) the Managing Party agrees to comply with the terms and conditions of this Agreement and (c) you provide Picus Security with written notice that a Managing Party will be using the Software on your behalf. General Restrictions: You may not, nor allow any third party to: decompile, disassemble or reverse-engineer the Software, except to the extent expressly permitted by applicable law, without Picus Security’s prior written consent; remove any product identification or proprietary rights notices of the Software or documentation; lease, lend or use the Software for timesharing or service bureau purposes; modify or create derivative works of the Software, except with Picus Security’s prior written permission, publish any performance or benchmark tests or analysis relating to the Software or otherwise use or copy the Software except as expressly provided herein. use the Software for your or your business partner’s customers. sell, lease or provide free use of this software to third parties. use whole or any part of this software (i.e. attack definitions, remediation information, etc) to integrate, directly or indirectly, with your own software, solutions or services. Technical Support and Maintenance Picus Security provides Technical Support and Maintenance services as described in this article below if you have a valid subscription or in the case of Perpetual license, if you bought a valid Technical Support. After the support or subscription period specified in a Product Licence Certificate has expired, you have no further rights to receive any Support including Upgrades and Updates. Picus Security provides email based support through its support portal during Central Europe (GMT+1) business hours. The coverage of Picus Security Technical Support and Maintenance services is described below; Remote gathering of the Customer’s information and determination of the Customer’s issue by analysing the symptoms and figuring out the underlying problem Sorting through the possible solutions available for straightforward and simple problems, including without limitation troubleshooting methods such as verifying physical layer issues, resolving username and password problems, verification of proper hardware and software set up. Error corrections or workarounds so that the Products operate in substantial conformance with the Documentation, and The provision of Updates and Upgrades, if and when available. 4.1 Picus Security’s obligation to provide technical support is limited to: a Product that has not been altered or modified by anyone other than Picus Security or its licensors; Your use of the Product in accordance with the Documentation; and errors and malfunctions caused by systems or programs supplied by Picus Security. If an Error has been corrected or is not present in a more current version of the Product, Picus Security will provide the more current version via technical support, but will not have any obligation to correct such Error in prior versions. 4.2 Technical support for Products may be limited to the most current release and the most recent previous sequential major release of the Product. Picus Security reserves the right to terminate the Subscription or Technical Support; or alternatively may choose to increase the associated fees upon 60 days prior written notice should You not stay current with a supported release in accordance with this Section. Intellectual Property Rights The Products and all related intellectual property rights are the exclusive property of Picus Security or its licensors. All right, title and interest in and to the Products, any modifications, translations, or derivatives thereof, even if unauthorized, and all applicable rights in patents, copyrights, trade secrets, trademarks and all intellectual property rights in the Products remain exclusively with Picus Security or its licensors. The Products are valuable, proprietary, and unique, and You agree to be bound by and observe the proprietary nature of the Products. The Products contain material that is protected by patent, copyright and trade secret law, and by international treaty provisions. The Products may include software products licensed from third parties. In such cases, such third parties have no obligations or liability to You under this Agreement but are third party beneficiaries of this Agreement. All rights not granted to You in this Agreement are reserved to Picus Security. If You have subscribed the Products, no ownership of the Products passes to You. If you have licensed the product with a Perpetual usage right, You are only eligible of using the product in line with the General Restrictions and other sections of this agreement. Picus Security may make changes to the Products at any time without notice. Except as otherwise expressly provided, Picus Security grants no express or implied right under Picus Security patents, copyrights, trademarks, or other intellectual property rights. You may not remove any proprietary notice of Picus Security or any third party from the Products or any copy of the Products, without Picus Security’s prior written consent. Limited Warranty and Disclaimer Limited Warranty: Picus Security warrants that, for a period of sixty (60) days from the purchase date (“Warranty Period”), the Software licensed hereunder (including Upgrades provided within the Warranty Period for the remainder of the Warranty Period) will perform substantially in accordance with the Documentation. Exclusive Remedy: In case of any breach of the above limited warranty, Picus Security will repair or replace the Software or if such repair or replacement would in Picus Security’s opinion be commercially unreasonable, refund the price paid by you for the applicable Software. Exclusion of Warranty: The above Limited Warranty will not apply if: the Software is not used in accordance with this Agreement or the Documentation, the Software or any part thereof has been modified by any entity other than Picus Security or a malfunction in the Software if it has been used on a platform not supported by Picus Security. Disclaimer: THE ABOVE WARRANTIES ARE YOUR EXCLUSIVE WARRANTIES AND REPLACE ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. EXCEPT FOR THE LIMITED WARRANTY SET FORTH ABOVE, THE SOFTWARE IS PROVIDED “AS IS” AND PICUS SECURITY MAKES NO WARRANTY OR GUARANTEE AS TO ITS USE OR PERFORMANCE AND DOES NOT WARRANT OR GUARANTEE THAT THE OPERATION OF THE SOFTWARE WILL BE FAIL SAFE, UNINTERRUPTED OR FREE FROM ERRORS OR DEFECTS OR THAT THE SOFTWARE WILL PROTECT AGAINST ALL POSSIBLE THREATS OR IDENTIFY ALL POSSIBLE CYBER ATTACKS A SECURITY DEVICE MAY OR MAYNOT PROTECT AGAINST. Exceptions: Some states or jurisdictions do not allow the exclusion of express or implied warranties, so the above disclaimer may not apply to you. IN THAT EVENT, SUCH EXPRESS OR IMPLIED WARRANTIES SHALL BE LIMITED IN DURATION TO THE WARRANTY PERIOD (OR THE MINIMUM PERIOD REQUIRED BY THE APPLICABLE LAW). Limitation of Remedies and Damages NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, PICUS SECURITY, ITS AFFILIATES, ITS LICENSORS OR AUTHORIZED PARTNERS WILL NOT BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE OR INCIDENTAL DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE, ARISING OUT OF OR RELATED TO THIS AGREEMENT INCLUDING, BUT NOT LIMITED TO CLAIMS FOR LOSS OF DATA, GOODWILL, OPPORTUNITY, REVENUE, PROFITS, OR USE OF THE PRODUCTS, INTERRUPTION IN USE OR AVAILABILITY OF DATA, STOPPAGE OF OTHER WORK OR IMPAIRMENT OF OTHER ASSETS, PRIVACY, ACCESS TO OR USE OF ANY ADDRESSES, EXECUTABLES OR FILES THAT SHOULD HAVE BEEN LOCATED OR BLOCKED, NEGLIGENCE, BREACH OF CONTRACT, TORT OR OTHERWISE AND THIRD PARTY CLAIMS, EVEN IF PICUS SECURITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL PICUS SECURITY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY RECEIVED BY PICUS SECURITY FOR THE APPLICABLE PRODUCTS OVER THE ONE YEAR PERIOD PRIOR TO THE EVENT OUT OF WHICH THE CLAIM AROSE FOR THE PRODUCTS THAT DIRECTLY CAUSED THE LIABILITY. Intellectual Property Indemnity Picus Security shall have the right, but not the obligation, to defend or settle, at its option, any action at law against You arising from a claim that Your permitted use of the Product under this Agreement infringes any patent, copyright, or other ownership rights of a third party. You agree to provide Picus Secrity with written notice of any such claim within ten (10) days of Your notice thereof and provide reasonable assistance in its defense. Picus Security has sole discretion and control over such defense and all negotiations for a settlement or compromise, unless it declines to defend or settle, in which case, You are free to pursue any alternative You may have. Termination Without prejudice to your payment obligations, you may terminate your licence at any time by uninstalling the Software. Picus Security may terminate your licence in the event that you materially breach the terms of this Agreement and you fail to cure such breach within thirty (30) days of receiving notice of such breach. Upon such termination, you shall promptly return or destroy all copies of the Software and Documentation. Additional Terms Evaluation Software: If the Software has been identified as “Evaluation Software”, then the provisions of this section apply and shall supersede any other conflicting term of this agreement. Your royalty-free, non=transferable, limited licence to use the Evaluation Software, for evaluation purposes only, is limited to fifteen (15) days unless otherwise agreed to in writing by Picus Security. The Evaluation Software may contain errors or other problems that could cause system or other failures and data loss. Consequently, Evaluation Software is provided to you “AS IS” and Picus Security disclaims any warranty or liability obligations to you of any kind. Any information about the Evaluation Software gathered from its use shall be used solely for evaluation purposes and shall not be provided to any third parties. The restrictions described in Section 3 e) apply. If you fail to destroy the Evaluation Software after the evaluation period has expired, Picus Security may, at its discretion, invoice you in an amount equal to the Picus Security List Price for the Evaluation Software and you shall pay such invoice upon receipt. Data Rights: You agree that Picus Security will collect, store, process and track technical and related information about You and Your use of the Software, which may include Your internet protocol addresses that Peers will be installed on, security devices configuration and their success blocking Picus attacks, and Software usage statistics to assist with the necessary operation and function of the Software, the provision of updates, support, invoicing, marketing by Picus Security or its agents, and research and development. Audit Picus Security may, at its expense, upon reasonable prior written notice to you and during standard business hours, audit you with respect to your compliance with the terms of this Agreement no more than once per year. You understand and acknowledge that Picus Security utilizes a number of methods to verify and support software use by its customers. These methods may include technological features of the Software that prevent unauthorized use and provide Software deployment verification. Upon reasonable request, you will provide a system-generated report verifying your Software deployment, such request to occur no more than two (2) times per year. Picus Security will not unreasonably interfere with the conduct of your business. Export Controls You acknowledge that the Software is subject to Republic of Turkey, US, UK, and, when applicable, European Union export regulations. You shall comply with applicable export and import laws and regulations for the jurisdiction in which the Software will be imported and/or exported. You shall not export the Software to any individual, entity or country prohibited by applicable law or regulation. You are responsible, at your own expense, for any local government permits, licenses or approvals required for importing and/or exporting the Software. You warrant and agree that You are not: (i) located in, under the control of, or a national or resident of Cuba, North Korea, Iran, Syria, Lebanon or Sudan or (ii) on the U.S Treasury Department list of Specially Designated Nationals or the U.S. Commerce Department’s Table of Deny Orders. Governing Law This Agreement shall be governed by and construed in accordance with the laws of the United Kingdom, and the parties irrevocably submit to the non-exclusive jurisdiction of the London courts. Exclusive jurisdiction for litigation of any dispute, controversy or claim arising out of or in connection with this Agreement, or breach thereof shall be only in the United Kingdom courts with competent jurisdiction located in London. Confidentiality Each Party hereto acknowledges that by reason of its relationship with the other party hereunder, it may have access to confidential information and materials concerning the other party’s business, technology, and/or products that is confidential and of substantial value to the other Party, which value could be impaired if such information were disclosed to third parties (“Confidential Information”). Written or other tangible Confidential Information must at the time of disclosure be identified and labelled as Confidential Information belonging to the disclosing Party. When disclosed orally or visually, Confidential Information must be identified as confidential at the time of the disclosure, with subsequent confirmation in writing within fifteen (15) days after disclosure. Each Party agrees that it will not use in any way for its own account or the account of any third party, such Confidential Information, except as authorized under this Agreement, and will protect Confidential Information at least to the same extent as it protects its own Confidential Information and to the same extent that a reasonable person would protect such Confidential Information. Neither Party may use the other Party’s Confidential Information except to perform its duties under this Agreement. The Confidential Information restrictions will not apply to Confidential Information that is (i) already known to the receiving Party, (ii) becomes publicly available through no wrongful act of the receiving Party, (iii) independently developed by the receiving Party without benefit of the disclosing Party’s Confidential Information, (iv) has been rightfully received from a third party not under obligation of confidentiality or (v) is required to be disclosed by law, provided the Party compelled to disclose the Confidential Information provides the Party owning the Confidential Information with prior written notice of disclosure adequate for the owning Party to take reasonable action to prevent such disclosure, where reasonably possible. Unless otherwise agreed to by both Parties, upon termination of this Agreement or an applicable Addendum, each Party will return the other Party’s Confidential Information. Miscellaneous. Except for actions for non-payment or breach of Picus Security’s proprietary rights in the Software and Documentation, no action, regardless of form, arising out of this Agreement may be brought by either party more than 2 years after a party knew or should have known of the claim. Any terms of this Agreement which by their nature should survive the termination of this Agreement shall survive such termination. This Agreement, including all documents incorporated by reference, represents the entire agreement between the parties and expressly supersedes and cancels any other communication, representation or advertising whether oral or written, on the subjects herein. If you issue an order to an Authorized Partner or to Picus Security and the terms and conditions of the order conflict with the terms and conditions of a) this Agreement or b) the Product License Certificate, then the terms and conditions specified in this Agreement and in the Product License Certificate shall control. This Agreement may not be modified except by a written addendum issued by a duly authorized representative of Picus Security. No provision hereof shall be deemed waived unless such waiver shall be in writing and signed by Picus Security. If any provision of this Agreement is held invalid, the remainder of this Agreement shall continue in full force and effect. Each party will comply with all applicable laws and regulations, including those of other jurisdictions that may apply concerning the protection of personal data, and anti-bribery. You must obtain any required employee consents addressing the interception, reading, copying or filtering of emails and their attachments. Neither party will use any data obtained via the Products for any unlawful purpose. All notices, requests, demands and determinations for Picus Security under this Agreement (other than routine operational communications) shall be sent to: the applicable entity address on the first page of this Agreement addressed to “Attention: Legal Department”. For the purposes of customer service, technical support, and as a means of facilitating interactions with its end-users, Picus Security may periodically send You messages of an informational or advertising nature via email, and provide account information to related third-parties (e.g. Your Authorized Partner). You may choose to “opt-out” of receiving these messages or information sharing by sending an email to optoutlegal@picussecurity.com requesting the opt-out. You acknowledge and agree that by sending such email and “opting out” it will not receive emails containing messages concerning upgrades and enhancements to Products. However, Picus Security may still send emails of a technical nature. You acknowledge that Picus Security may use your company name only in a general list of Picus Security customers. Picus Security owns any suggestions, ideas, enhancement requests, feedback, or recommendations provided by You relating to the Products. Picus Security may use non-identifying and aggregate usage and statistical information related to You and your users’ use of the Products for its own purposes outside of the Agreement. You may not transfer any of your rights to use the Products or assign this Agreement to another person or entity, without first obtaining prior written approval from Picus Security. Any notice required or permitted under this Agreement or required by law must be in writing and must be (i) delivered in person, (ii) sent by first class registered mail, or air mail, as appropriate, or (iii) sent by an internationally recognized overnight air courier, in each case properly posted and fully prepaid. Notices sent to Picus Security must be sent to the attention of the Picus Bilisim Guvenlik Ticaret Anonim Sirketi, at Üniversiteler Mah. 1596. Cad. Arge 1 No: 12 Beytepe 06800 Çankaya ANKARA TURKEY. Notices are considered to have been given at the time of actual delivery in person, two (2) business days after deposit in the mail as set forth above, or one (1) day after delivery to an overnight air courier service. Either party may change its contact person for notices and/or address for notice by means of notice to the other party given in accordance with this paragraph. Neither party will be liable for any delay or failure in performance to the extent the delay or failure is caused by events beyond the party’s reasonable control, including, fire, flood, acts of God, explosion, war or the engagement of hostilities, strike, embargo, labor dispute, government requirement, civil disturbances, civil or military authority, disturbances to the Internet, and inability to secure materials or transportation facilities. This Agreement constitutes the entire agreement between the parties regarding the subject matter herein and the parties have not relied on any promise, representation, or warranty, express or implied, that is not in this Agreement. Any waiver or modification of this Agreement is only effective if it is in writing and signed by both parties or posted by Picus Security at http://www.Picus Security.com/legal. All pre-printed or standard terms of any of your purchase order or other business processing document have no effect. In the event of a conflict between the terms of this Agreement and the terms of an Order, the terms of this Agreement prevail. If any part of this Agreement is found invalid or unenforceable by a court of competent jurisdiction, the remainder of this Agreement shall be interpreted so as reasonably to affect the intention of the parties. Picus Security is not obligated under any other agreements unless they are in writing and signed by an authorized representative of Picus Security.