End-User License Agreement for VECTR™ Community Edition by Security Risk Advisors 

This End-User License Agreement (this “EULA”) is a legal agreement between you (either an individual or an entity) (“Customer” or “you”) and Security Risk Advisors Platforms, LLC (“Security Risk Advisors”) governing the terms of use by Customer of the software identified as VECTR™ Community Edition (the “Software”) and any associated media, printed materials and online or electronic documentation that may be provided by Security Risk Advisors with respect to the Software (collectively, the “Software Materials”). The Software and the Software Materials are sometimes referred to collectively as the “Software Product.” 

 

BY CLICKING “I AGREE” OR TAKING ANY STEP TO INSTALL, COPY OR USE THE SOFTWARE OR ANY SOFTWARE MATERIALS, YOU ARE AGREEING TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS EULA. IF YOU DO NOT AGREE WITH ANY SUCH TERMS AND CONDITIONS, DO NOT CLICK “I AGREE” OR OTHERWISE TAKE ANY STEP TO INSTALL, COPY OR USE THE SOFTWARE OR ANY SOFTWARE MATERIALS. 

 

    NATURE OF LICENSE. The Software is being distributed as freeware for certain personal and professional internal uses as described herein. Customer acknowledges and agrees that Customer is not permitted to charge for or otherwise receive any pecuniary benefit for using or distributing the Software Product (either for profit or merely to recover Customer’s media and distribution costs), whether as a stand-alone product or as part of a package, compilation, or anthology. For absolute clarity, VECTR™ Community Edition may not be utilized in a for-profit service, advertising/marketing campaign, and/or as part of a product package delivered by any party other than Security Risk Advisors. 

 

    GRANT OF LICENSE. Security Risk Advisors herewith grants to Customer the non-exclusive, non-transferrable and non-sub-licensable right to install, run, access and use the Software Product in strict compliance with the terms and conditions set forth in this EULA and with all applicable laws. Pursuant to this grant, Customer shall have the following rights: 

 

    Installation, Access, and Use. Customer may install, access and use an unlimited number of copies of the Software Product (i) on Customer’s computers for the purpose of conducting internal Purple Team threat simulation, reporting and analysis and/or for recreational purposes; or (ii) on the computers of third parties for the purpose of providing support on Customer internally-driven Purple Team threat simulation, reporting and analysis for Customer, provided that supporting third party’s final written report states that the services were performed not-for-profit using the Software Materials, identifying Security Risk Advisors as the owner of the VECTR™ Software and including all applicable copyright and trademark notices with respect to the Software. For additional clarification, Customer may not utilize the Software for any third party to conduct a Purple Team threat simulation as part of a for-profit delivered product, package and/or service. Customer acknowledges and agrees that Customer shall be solely responsible for the installation and configuration of the Software Product, and that Security Risk Advisors has no obligations with respect to such installation and/or configuration. If support is requested by Security Risk Advisors for installation, configuration and/or additional support, a VECTR™ Enterprise License may be required. 

 

    Reproduction and Distribution. Customer may reproduce and distribute an unlimited number of copies of the Software Product, provided that (i) each copy shall be a true and complete copy, including all copyright and trademark notices, and shall be accompanied by a copy of this EULA; 

(ii) the Software Product or any component thereof is not sold or included in a product offered for sale by Customer or any agent thereof. 

 

    CERTAIN PROHIBITED ACTIVITIES. In addition to the restrictions set forth in Section 2, the following activities are prohibited: 

    Prohibition on Reverse Engineering, etc. Customer shall not, and shall not permit any third party to, decompile, reverse engineer, disassemble or otherwise attempt to derive, analyze or use any source code or underlying ideas or algorithms related to the Software by any means whatsoever. Notwithstanding anything to the contrary, Customer is allowed to perform penetration testing and security assessment training on the Software Product. Security Risk Advisors requests any significant vulnerabilities found be reported to the VECTR™ Security reporting page on GitHub (https://github.com/SecurityRiskAdvisors/VECTR/security). 

    Restrictions on Databases. Customer shall not, and shall not permit any third party to, use the Software Product to build a database that includes results from more than one third party (for example, an industry-specific database), without the prior written consent of Security Risk Advisors (which consent may be withheld or conditioned in Security Risk Advisor’s sole discretion). 

 

    No Separation of Components. The Software Product is licensed as a single product. Its component parts may not be separated for use on more than one computer. 

    No Transfer. Customer has no right to assign or otherwise transfer any of its rights under this EULA, whether voluntarily or by operation of law. Any attempted assignment or other transfer in violation of this Section 3(d) shall be null and void. 

 

    CERTAIN RIGHTS OF SECURITY RISK ADVISORS 

    Updates and Maintenance. Security Risk Advisors may, but shall not be obligated to, update the Software and the Software Materials from time to time. Security Risk has no obligation to distribute, update or maintain any version of the Software or the Software Materials. 

 

    Use of Data. Subject to applicable privacy laws, Customer agrees that Security Risk Advisors may collect and use data provided by GitHub on Customer’s download and/or use of the Software Product for any lawful purpose. 

 

    Right to Amend EULA. Security Risk Advisors shall be entitled to amend this EULA at its sole discretion by posting via the GitHub site which initiates a thirty (30) days’ notice to Customer before the EULA is deemed active and enforceable. Unless Customer notifies Security Risk Advisors in writing of its objection to such amendment within the thirty (30) day window of such notice, Customer shall be deemed to have waived its right to pre-emptively object to such amendment, which shall be deemed accepted by Customer. If Customer notifies Security Risk Advisors in writing of its objection to such amendment, Security Risk Advisors, in their sole discretion, may grant the Customer a written continuation of this EULA under the existing terms. 

    Termination Rights. Without prejudice to any other rights it may have, Security Risk Advisors shall have the right to terminate this EULA if Customer fails to comply with any of the terms and conditions hereof. In such event, Customer must (i) destroy and/or delete, as applicable, all copies of the Software Product and all its component parts and (ii) provide written confirmation to Security Risk Advisors of such destruction and/or deletion. 

 

    RETENTION OF RIGHTS; COPYRIGHT PROTECTION. Security Risk Advisors retains all right, title and interest in and to the Software Product (including, without limitation, any images, photographs, clipart, libraries and examples incorporated into the Software Product and any updates to the Software Product that may be provided by Security Risk Advisors) and in and to all copies, modifications and derivative works of the Software Product, including, without limitation, all rights in and to patent, copyright, trade secret, trademark and other proprietary or intellectual property rights. 

 

The Software Product is protected by copyright laws and international treaty provisions, and Customer shall be required to treat the Software Product like any other copyrighted material. Without limiting the generality of the foregoing, Customer shall not remove any product identification, copyright or other notices in or on the Software Product or any part thereof. 

 

    CONFIDENTIALITY. The Software Product constitutes confidential and/or proprietary information and trade secrets of Security Risk Advisors. Customer agrees to hold in strict confidence and not disclose the Software Product or any part thereof to any third party and will use the Software Product only in accordance with this EULA. 

 

    INDEMNIFICATION. Customer shall and hereby does indemnify, defend and hold Security Risk Advisors, its affiliates and their respective equity holders, officers, directors, employees, agents and assigns harmless from and against any and all liabilities, losses, costs, expenses, settlement amounts, and damages (including reasonable attorneys' fees and expenses, investigation costs and amounts paid in settlement) incurred by any of them arising from or relating to Customer’s use of the Software Product or Customer's breach of any provision of this EULA. 

 

    RIGHT TO EQUITABLE RELIEF. Customer acknowledges and agrees that any breach or threatened breach of this EULA would result in irreparable harm to Security Risk Advisors, and that monetary damages would not be an adequate remedy. Customer further acknowledges and agrees that in the event of any such breach or threatened breach, Security Risk Advisors shall be entitled, without prejudice to its other available rights and remedies, to equitable relief from a court, including injunctive relief, without the need for Security Risk Advisors to post any bond or other security. 

 

    GOVERNING LAW; CONSENT TO JURISDICTION. This EULA shall be governed by the laws of the Commonwealth of Pennsylvania, United States of America, without regard to principles of conflicts of law. The parties hereby agree to opt out of the United Nations Convention on Contracts for the International Sale of Goods, as amended. Each of Customer and Security Risk Advisors hereby unconditionally and irrevocably (i) consents to the exclusive jurisdiction of the federal and/or state courts located in Allegheny County, Pennsylvania, with respect to any action, suit or proceeding arising out of or relating to this EULA or the transactions contemplated hereby, and (ii) waives any objection with respect to such courts for the purpose of any such action, suit or proceeding. 

 

    SEVERABLITY; NO WAIVER. If any provision of this EULA is found partly or wholly illegal or unenforceable, such provision shall be enforced to the maximum extent permissible, and the remaining provisions of this EULA shall remain in full force and effect. A waiver of any breach or default under this EULA shall not constitute a waiver of any other subsequent breach or default. 

    NO WARRANTIES. THE SOFTWARE PRODUCT IS PROVIDED “AS IS, WITHOUT WARRANTIES OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SECURITY RISK ADVISORS EXPRESSLY DISCLAIMS ALL WARRANTIES WITH RESPECT TO THE SOFTWARE PRODUCT, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. SECURITY RISK ADVISORS MAKES NO WARRANTIES OR REPRESENTATIONS THAT THE SOFTWARE OR ANY SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR THAT OPERATION OR USE OF THE SOFTWARE PRODUCT WILL BE UNINTERRUPTED OR ERROR-FREE. 

 

    LIMITATIONS ON LIABILITY. To the fullest extent permitted by applicable law, in no event shall Security Risk Advisors be liable for any special, consequential, incidental or indirect damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information or any other pecuniary loss) arising out of the use of or inability to use the Software Product, even if Security Risk Advisors is aware of the possibility of such damages. 

 

    RELATIONSHIP OF THE PARTIES. This EULA, does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the parties. Any establishment of support by SRA shall be done so through an executed VECTR™ Enterprise license. 

 

    NOT FOR PROFIT. For the avoidance of doubt, Customer may not profit and/or receive financial benefits from 3rd parties through utilization of the Software Product and/or Software Materials under this EULA.  

 

    RESELLING LICENSE. To avoid any misunderstanding, If Customer seeks to resell VECTR™ to 3rd parties for profit, financial gain, and/or additional reasoning that is non-compliant with this EULA, direct written authorization from Security Risk Advisors is required, including the possibility of purchasing a VECTR™ Enterprise license. Please contact Security Risk Advisors (SRA.io) directly to inquire for more details.