Terms & Conditions

General

Last Updated on April 5, 2023

Introduction

These Terms of Use (together with any Supplemental Terms provided at https://www.cobalt.io/terms, the “Agreement”) form a binding contract between Us and You; by using the Services, You are agreeing to enter into a legal contract with Us, and to comply with the terms and conditions described here, which govern any use of the Services.

If You do not agree to the terms presented in this Agreement, or if You do not meet the eligibility requirements described in this Agreement, You have no right to use the Services, and should terminate Your access, including use of the Cobalt website, immediately.

Cobalt reserves the right to  change this Agreement (and the Services, including any fees), at any time and without giving advance notice. All such changes will be posted on the Site or subject to notice.  By continuing to access or use the Site or Services after We have posted such a change, or have provided You with notice of it, You are agreeing to be bound by the Agreement as updated.

Disputes arising hereunder will be resolved by binding arbitration, and BY ACCEPTING THIS AGREEMENT, YOU AND COBALT ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION. YOU AGREE TO GIVE UP YOUR RIGHT TO GO TO COURT to assert or defend Your rights under this contract (except for matters that may be taken to small claims court). Your rights will be determined by a NEUTRAL ARBITRATOR and NOT a judge or jury and Your claims cannot be brought as a class action. Please review the Arbitration Agreement in Section 12 below for the details regarding Your agreement to arbitrate any disputes with Cobalt.

1. Parties and Scope of Agreement

Parties, Authority, and Eligibility

“You” or “Your” or “Customer” refers to you as an end user of the Services, and, if you are accessing the Services on behalf of a legal organization, that legal organization; You agree that You have the authority to enter into this Agreement and to bind that legal organization to the terms of this Agreement. You further agree that You are 18 years of age or older.

“Us”, “We”, “Our” or “Cobalt” means Cobalt Labs, Inc., a Delaware Corporation.

Scope of this Agreement, Other Agreements

This Agreement makes reference to a number of other supplemental agreements which You may also be agreeing to by agreeing to this Agreement, and which You can find here (the “Policies”):

• Privacy Policy
• Terms for Running a Security Program
• Professional Services Addendum

In the event that the terms of this Agreement conflict with the terms of any other supplemental agreement named here, the terms of the supplemental agreement will govern (including with respect to a mutually executed Sales Order or SOW).

Capitalized terms having the meaning ascribed to the Definitions Section.

2. Sales Orders, Invoicing and Payment.  

Sales Orders

Services are ordered via Sales Orders, each of which shall be deemed to be incorporated herein by reference.  Each Sales Order shall specify, as applicable, the particular Services ordered (including a description thereof), the quantity of Service(s) ordered, the fees for the Service(s) and the term of the Sales Order (“Order Term”).  A Customer Affiliate may enter into a Sales Order pursuant to this Agreement, by which the Affiliate agrees to be bound by the terms and conditions of this Agreement; provided, that the Customer entity that executes an applicable Sales Order shall be responsible for any of its Affiliates’ compliance with the terms and conditions of this Agreement. By executing a Sales Order for Services, a Customer expressly permits Cobalt to conduct any tasks necessary to facilitate penetration testing of Customers’ Network, Applications, and/or other assets (as applicable). 

Invoicing and Payment

Cobalt will invoice in accordance as set forth in the Sales Order; provided, that notwithstanding the Sales Order, if Credits are used in advance of full payment being made, Cobalt may invoice immediately. Customer will pay all fees within fifteen (15) days of the date of the invoice unless otherwise set forth in the Sales Order.  All fees exclude applicable taxes and Customer shall be responsible for the payment of all use, services, withholding or similar taxes on the use or sale of the Services. Any overdue invoices will accrue late interest at the rate of 1.5% of the outstanding balance per month or the greatest amount allowed by applicable law, whichever is lower, plus all expenses of collection.

Price Changes

Future renewals of Services purchased under a particular Sales Order will occur at the then-current Credit price.  

Suspension of Service for Non-Payment 

In the event full payment of any undisputed invoice is not received by the invoice due date, we will provide you with notice of non-payment. Unless the full amount not in dispute has been paid within thirty (30) days after such notice, we may suspend your access to the Services. We will not suspend your access to the Services while you are disputing the applicable charges reasonably and in good faith and are cooperating diligently to resolve the dispute. 

Autorenewal 

Each Sales Order shall remain in effect for the term as specified in the applicable Sales Order, and will automatically renew for additional terms of one (1) year on an annual basis, or as otherwise provided for in the Sales Order, unless notice of non-renewal is provided at least 60 (sixty) days prior to the then-current Services End Date of the Sales Order (“Notice Period”), provided that the Services will be provided by Cobalt only during the Order Term. In the event of any price changes, Cobalt will notify Customer at least thirty (30) days prior to the Notice Period.

3. Feedback, Credits, Tiers, Reports, and Security Pentesters

Feedback

You may submit feedback, comments and suggestions for improvements to the Services ("Feedback") by emailing Us at info@cobalt.io or through the about section of the Site. By submitting Feedback, you irrevocably transfer all ownership in such Feedback to Cobalt, and waive any and all rights, including intellectual property rights to the extent such attach to the Feedback under applicable law, in favor of Cobalt. 

Pentesting Types. Cobalt offers its Services through two distinct penetration testing types: (1) Comprehensive testing, constituting a traditional pentest (subject to the conditions and restrictions established herein and in related documentation ), and (2) Agile testing, which consists of a more limited pentest. Agile testing is a narrowly targeted test of an asset of limited size where specific context or knowledge of environment is not required to undertake the test. Cobalt has the discretion to determine whether a particular asset or test scope is appropriate for Agile testing or Comprehensive testing. Agile testing comes with an automated report that is not subject to customization opportunities, even at Premium or Enterprise Tiers.

Credits

Cobalt will scope Services based on projected level of effort as expressed in Credits, to be reflected in your Cobalt Account after purchase. The level of Services associated with each Credit will vary depending on the applicable Tier to which a Customer has subscribed. The price and Tier associated with a purchased Credit will be set forth on your Sales Order. Credits must be used by the end of the  service period, or the end of each annualized service period on a multi year purchase, on an applicable Sales Order (which is, absent written variation in the Sales Order, 12 months following Services start date). For the purposes of this Section, “used” means the completion of any Security Program for which the Credits are allocated for, and in the even Customer is not renewing, the completion of any applicable retesting. 

Tiers

Access to Cobalt’s Services is provisioned across service levels  that define the features and functionality associated with your Cobalt Account (“Tiers”). The features and functionality associated with each Tier is more fully set out here. The Tier associated with your Cobalt Account will be selected and will be reflected on the applicable Sales Order. A Customer Cobalt Account may only be associated with one Tier at a time during their subscription. Tiers may be upgraded, but not downgraded, prior to the end of your subscription period. Cobalt reserves the right, at its sole discretion, to modify, enhance, or remove features of the Tiers, at any time upon prior notice (electronically via the Site), provided that such modifications do not materially diminish the functionality of Services associated with such Tier. 

Vulnerability Report

Cobalt will produce a Vulnerability Report detailing findings uncovered during performance of the Services. Vulnerability Reports are not customizable, except where your Services Tier includes Vulnerability Report customization. Cobalt acts as a third-party assessor and possesses a degree of independence in authoring  Vulnerability Reports, and as such, Cobalt will not remove or minimize findings in a Vulnerability Report at a Customer’s request without a sufficient factual basis for so doing. 

Security Pentesters

Security Pentesters are independent third parties who are retained by Cobalt to assist in providing Services.  Customer acknowledges that Security Pentesters are not contingent workers engaged directly by the Customer. Security Pentesters provide Services through Cobalt and as such, do not and shall not enter into contracts directly with Customer. Cobalt will not facilitate the exchange of, or execution of, any agreements directly between a Security Pentester and Customer, including without limitation, any non-disclosure agreement or similar document. 

Customer Pentester Requests

At the Enterprise Tier, Cobalt will accommodate special requests regarding the pentesters performing Services for the Customer. This includes requests that Cobalt (a) staff a test with pentesters from a specific region or time zone, or (b) ensure that pentesters communicate with customer and/or perform testing at specified times. Other requests may be facilitated on a case-by-case basis. All custom requests are subject to Cobalt availability. Cobalt may not be able to accommodate more than one such request per test. Customers should check with their Cobalt-assigned CSM to determine whether a particular request may be accommodated.

Pentester Eligibility

Cobalt represents and warrants that each Security Pentester is not: (a) a resident or national of any country subject to a United States embargo or other similar United States export restrictions; (b) on the United States Treasury Department’s list of Specifically Designated Nationals as defined under Applicable Laws; (c) on the United States Department of Commerce’s Denied Persons List or Entity List as defined under Applicable Laws; or (d) identified by the United States government as a prohibited end user of United States export controlled items or otherwise subject to sanctions or similar laws, regulations, or executive orders. 

Professional Services

The Services provided via the Site exclude Professional Services provided pursuant to an SOW. Any provision of Professional Services will be scoped on a per engagement basis via SOW and shall be subject to additional terms set forth in the Cobalt Professional Services Addendum.

4. Account & Use

Creating an Account

Customers must register as a User on the Site and create a Customer account and profile page ("Cobalt Account") to access the Services.

Customers may also choose to register on the Site using certain third party sites for which log-in support has been provided by Cobalt (each a, “Third Party Service Provider”); each such account, a "Third Party Account", via the Site, as described below. Customer may link a Cobalt Account with Third Party Accounts, by either: (i) providing the applicable Third Party Account login information to Cobalt through the Site or Services; or (ii) allowing Cobalt to access Customer’s Third Party Account, to the extent  permitted under the applicable terms and conditions that govern the use of such Third Party Accounts. By using a Third Party Service Provider, Customer represents that (i) it is entitled to disclose Third Party Account login information to Cobalt and/or grant Cobalt access to such Third Party Accounts, without breach of any of the terms and conditions that govern use of the applicable Third Party Accounts and without obligating Cobalt to pay any fees and (ii) it allows Cobalt to access, utilize, and store (if applicable) and content or information from such Third Party Account in order to provide access to the Site.

User Eligibility

Customer represents and warrants that each User is not: (a) a resident or national of any country subject to a United States embargo or other similar United States export restrictions; (b) on the United States Treasury Department’s list of Specifically Designated Nationals as defined under Applicable Laws; (c) on the United States Department of Commerce Denied Persons List or Entity List as defined under Applicable Laws; or (d) identified by the United States government as a prohibited end user of United States export controlled items or otherwise subject to sanctions or similar laws, regulations, or executive orders.

Suspension of Cobalt Services

Cobalt may, in its sole discretion, immediately suspend or terminate Customer’s Cobalt Account and/or access to or use of the Cobalt Services by Customer generally or as to any specific User if, in Cobalt’s reasonable judgment: (i) any information provided by Customer proves to be materially inaccurate, to the detriment of Cobalt; (ii)  the Cobalt Services or any component thereof may suffer a significant threat to security or functionality caused by continued access to or use of the Cobalt Services by Customer; (iii) if for any reason a Security Program is not capable of running as planned, due to causes beyond the control of Cobalt; or (iv) Customer or an individual User has violated any of the Acceptable Use restrictions . In the event Services are suspended pursuant to this paragraph, Cobalt shall provide notice of the suspension as soon as practicable.  Cobalt shall use reasonable efforts to re-establish the affected Cobalt Services promptly after the cause underlying such suspension has been cured Where suspension is caused by an act or omission of Customer, then failure to timely cure such cause by Customer within thirty (30) days following notice shall be a material breach of this Agreement.  Any suspension or termination by Cobalt under this Section will not excuse or release Customer from its obligation to make payment(s) under any Sales Orders in effect at the time of termination.

If for any reason the Security Program is not capable of running as planned, due to causes beyond the control of Cobalt, Cobalt reserves the right at its sole discretion to cancel, terminate, modify, or suspend a Security Program. Additionally, Cobalt and Customer may mutually agree to cancel, terminate, modify, or suspend a Security Program if needed.

Acceptable Use

Prohibited Use. In connection with Customer’s  use of Cobalt’s Services, Customer and its Users will not:

• violate any Applicable Laws, including, without limitation, privacy laws;
• use manual or automated software, devices, scripts, robots, other means or processes to access, "scrape," "crawl" or "spider" and/or  probe, scan, or test the vulnerability of the Site or Services;
• use the Services or Cobalt Content on behalf of for the benefit of any third party except where undertaken pursuant to a valid Cobalt reseller agreement or otherwise as expressly authorized in writing by Cobalt;
• copy, store, modify, prepare derivative works based upon, distribute, license, sell, transfer, publicly display, publicly perform, transmit, broadcast, attempt to recreate or otherwise exploit any software forming a part of the Site or the Cobalt Content except as expressly permitted under this Agreement
• infringe the rights of any person or entity, including without limitation, their intellectual property, privacy, publicity or contractual rights;
• interfere with or damage Cobalt’s Site or Services( including, without limitation, through the use of viruses, bots, malicious code, ,  or denial-of-service attacks) or avoid, bypass, impair, or otherwise circumvent any technological measure implemented by Cobalt or any of Cobalt’s providers or any other third party
• contact a Security Pentester for any purpose other than communication related to a Security Program;
• use the Site or Services in an unauthorized manner. 

Customer acknowledges and agrees that Cobalt has no obligation to monitor Customer’s access to or use of the Services or to review or edit any Customer Data. Cobalt reserves the right, at any time and without prior notice, to remove or disable access to any Customer Data that Cobalt, at its sole discretion, considers to be objectionable, in violation of this Agreement or otherwise harmful to the Services.

 
Affirmative Obligations. In connection with Your use of the Services, You agree that:

• You are solely responsible for compliance with any and all Applicable Laws, rules, regulations, and tax obligations that may apply to Your use of the Site, Services and Content.
• You will provide accurate, current and complete information during the registration process and to update such information to keep it accurate, current and complete.
• You are responsible for safeguarding Your password and other sensitive credentials and Content; 
• You will immediately notify Cobalt of any unauthorized use of Your Cobalt Account.

Remedial Action

We may, in Our sole discretion and at any time, with Cause and with or without prior notice:terminate, modify or restrict Your access to the ServicesUnless otherwise specified in the Sales Order, “Cause” shall mean (a) a material breach by You of this Agreement, including but not limited to any breach of the restrictions described herein, (b) a material breach of a Sales Order, where such breach is not cured within 30 days following Your receipt of e-mail or other notice of such breach, and (c) violation of any third party right or of Applicable Law, as determined in Cobalt’s sole discretion.

5. Privacy 

See Cobalt’s Privacy Policy, which is hereby incorporated by reference, and to which You agree to be bound.

6. Intellectual Property

Cobalt Rights, Licenses

Cobalt Property Ownership: You acknowledge and agree that Cobalt and/or its licensors own all right, title and interest to the Site, Services and Cobalt Content, including without limitation any techniques, ideas, concepts, methods, processes, software, utilities, data, documents, directories, designs, user interfaces, know-how, graphics, video content or other data or information acquired, created, developed or licensed by Cobalt and/or its licensors and all modifications, improvements and derivative works thereof and all associated Intellectual Property Rights (collectively as “Cobalt Property”).

Proprietary Rights Notice. All trademarks, service marks, logos, trade names and any other proprietary designations of Cobalt used herein are trademarks or registered trademarks of Cobalt. Any other trademarks, service marks, logos, trade names and any other proprietary designations are the trademarks or registered trademarks of their respective parties.

Cobalt License. Subject to Your compliance with this Agreement, Cobalt grants You a limited, world-wide, non-exclusive, non-transferable, non-sublicensable right and license, during the subscription term specified in a Sales Order, to (i) access and use the Site and Services ; and (ii) access and view any Cobalt Content contained on the Site solely for Your internal use in connection with Your use of the Services. Except as provided herein, You shall have no right to make the Site, Services or Cobalt Content available to, use the Site, Services or Cobalt Content on behalf of, or for the benefit of any third party without Cobalt’s express written authorization.  Except for the rights expressly licensed to You hereunder, Cobalt and its licensors reserve and retain all right, title and interest to the Site, Services and Cobalt Content.

No title, licenses, or other rights or interests are granted to You by implication or otherwise under any intellectual property rights owned or controlled by Cobalt or its licensors, except for the licenses and rights expressly granted in this Agreement.

Customer Rights, Licenses

The parties acknowledge and agree that You and/or Your licensors own all right, title and interest to the Applications/Networks and any Customer Data made available by the You through the Site or Services and any findings contained in the Vulnerability Reports created specifically and uniquely for the You, but excluding Cobalt Property or Security Pentester Property  and any Intellectual Property Rights therein.

Customer License Grants

Statistical Data

Cobalt collects high level, generic, anonymous, statistical and/or benchmarking data derived from Customer’s use of the Site and the Services  that is aggregated with other findings, results and information (the “Statistical Data”). All such Statistical Data is the sole and exclusive intellectual property of Cobalt; provided, that Cobalt shall in all cases refrain from publishing any Statistical Data or any insights or work derived therefrom in a manner that reveals (directly or indirectly)any specific person, Customer, Customer Data, Application, Customer Confidential Information or Network. 

Customer Data License Grant

You grant to Cobalt a worldwide, non-exclusive, non-transferable , royalty-free license and right to, during the Order Term, (i) use, access, view, copy, display, transmit and store Customer Data on, through or by means of the Site and Services solely to the extent necessary to operate, maintain, perform, and provide the Site and Services, (ii) use, access, view, copy,  and display, information relating to the Applications/Networks solely to the extent necessary to engage in testing and/or create the Vulnerability Reports or otherwise perform tasks in connection with the Security Program; and (iii) create, view, display, transmit and store Vulnerability Reports. You acknowledge that this license grant extends, to the extent necessary to facilitate performance of the Services, to Cobalt’s personnel and Security Pentesters. Except as expressly licensed herein, You shall retain all right, title and/or interest to the Applications/Network and all intellectual property rights therein, and except as expressly licensed herein, Cobalt shall obtain no right or license thereto.

You understand and agree that Cobalt shall have the right to share Customer contact details with third party partners and service providers in connection with the delivery of the Services and enabling such partners to offer other software and/or services as related to the Services.

Pentester Rights, Licenses

The parties acknowledge and agree that as between the parties, the Security Pentesters and/or their licensors reserve all right, title and interest to any techniques, methods, processes, or technical information acquired, created, developed or licensed by the Security Pentester prior to, independently of, and outside the scope of aSecurity Program and Vulnerability Report(s) thereto, and any intellectual property rights therein (“Security Pentester Property”), except as described in this Agreement.

Digital Millennium Copyright Act. 

If You believe that Your copyrighted work has been copied in a way that constitutes copyright infringement and is accessible via the Services, please notify our copyright agent, as set forth in the Digital Millennium Copyright Act of 1998 ("DMCA"). For Your complaint to be valid under the DMCA, You must provide the following information in writing to info@cobalt.io:

• An electronic or physical signature of a person authorized to act on behalf of the copyright owner;
• Identification of the copyrighted work that You claim has been infringed;
• Identification of the material that is claimed to be infringing and where it is located on the Service;
• Information reasonably sufficient to permit Us to contact You, such as Your address, telephone number, and, e-mail address;
• A statement that You have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law; and
• A statement, made under penalty of perjury, that the above information is accurate, and that You are the copyright owner or are authorized to act on behalf of the owner.

7. Confidentiality

Definition

During the Term the parties may need to exchange or make available confidential and proprietary information to the other party in connection with this Agreement, whether disclosed in written, oral, electronic or visual form, which is identified as confidential at the time of disclosure or should reasonably be understood to be confidential given the nature of the information or the circumstances surrounding the disclosure, including without limitation business, operations, finances, technologies, products and services, pricing, personnel, customers and suppliers (“Confidential Information”). Without limiting the foregoing, (i) Cobalt Confidential Information shall include Cobalt Property; and (ii) Customer Confidential Information shall include Customer Data and the Applications/Networks, and findings in a Vulnerability Report. 

Non-Use

During the Term, and continuing after expiration or termination of the Agreement, each party shall retain in confidence, and not use (except for the purposes described in this Agreement), the Confidential Information of the other party. The receiving party will use the same degree of care and discretion (but not less than reasonable care) to avoid disclosure, publication or dissemination of the disclosing party’s Confidential Information as it uses with its own confidential or proprietary information of a similar nature.  Except as authorized in this Agreement or a Sales Order, the receiving party will not disclose the Confidential Information of the disclosing party to a third party other than to its or its Affiliates’ employees, contractors, agents or advisors in connection with its performance of this Agreement who are bound by terms no less protective of a disclosing party’s rights as those set forth in this Agreement and the receiving party shall be liable to the disclosing party for any violation of this Agreement by such persons.

Exclusions

Confidential Information shall not include information that (a) is publicly known at the time of disclosure, (b) is lawfully received from a third party not bound in a confidential relationship with the disclosing party, (c) is published or otherwise made known to the public by the disclosing party, or (d) was or is generated independently without use of the disclosing party’s Confidential Information.  The receiving party may disclose Confidential Information as required to comply with orders of governmental entities that have jurisdiction over it or as otherwise required by law, provided that the receiving party (i) gives the disclosing party reasonable advance written notice to allow the disclosing party to seek a protective order or other appropriate remedy (except to the extent that compliance with the foregoing would cause it to violate an order of the governmental entity or other legal requirement), (ii) discloses only that portion of the Confidential Information as is required, and (iii) cooperates with the disclosing party to obtain confidential treatment for any Confidential Information so disclosed.  Notwithstanding anything herein to the contrary, provided that Cobalt does not use or disclose Customer Confidential Information, Cobalt shall be free to use, exploit and disclose its general skills, concepts, ideas, know-how, and expertise gained or learned during the course of this Agreement, and Cobalt shall not be restricted from creating output for other Customers which is similar to that provided to Customer.

Remedies

Due to the unique nature of Confidential Information gained through the Services, the Parties acknowledge that the breach of this Section 6 could cause irreparable harm, which monetary damages would be insufficient to remedy and in the event of such a breach, or threatened breach, the non-breaching party shall be entitled to seek injunctive relief, as well as any other remedy which may be available at law or in equity.

8. Security

Cobalt Security Obligations. 

Cobalt agrees to take commercially reasonable technical and organizational measures designed to secure the Cobalt Site from unauthorized access or use, including maintaining the security standards at https://www.cobalt.io/security/practices.

Customer Security Obligations.

Customer shall maintain appropriate security for the Customer Data in transit and shall be responsible for backing up Customer Data stored on Customer’s computer systems.

PII

Customer acknowledges that it will endeavor to preclude or limit to the greatest extent possible, the exposure of Security Pentesters to any personally identifiable information, except as necessary for Customer’s establishment of its Cobalt Account, any patient, medical or other protected health information regulated by HIPAA or any similar federal or state laws, rules or regulations or any other information subject to regulation or protection under Applicable Laws such as, without limitation, the Gramm-Leach-Bliley Act (or related rules or regulations) (collectively, “Sensitive Data”), in Applications/Networks tested via the Services. Where any Sensitive Data will be present in Applications/Networks tested via the Services, Customer will advise Cobalt and the Security Pentesters of that fact through the Security Program. Cobalt will take all necessary technical and organizational steps to protect Sensitive Data; provided, that where Customer fails to notify Cobalt of the presence and extent of potential exposure to Sensitive Data, Cobalt and its Security Pentesters shall have no liability relative to processing such information. Where Customer is subject to laws or regulations requiring Sensitive Data processing activities be addressed via a data processing agreement, service provider agreement or similar (such as, without limitation, GDPR, CCPA, and like legislation and implementing regulations), any processing activities will be subject to the Cobalt Data Processing Agreement, signed separately by the parties and incorporated hereinto in full.

9. Representations & Warranties

Warranty

Your Warranty. You represent and warrant that: (i) You either (a) are the sole and exclusive owner of all Customer Data and Applications/Networks that You make available through the Site or Services or (b) You have all necessary legal rights, licenses, consents and releases to grant to Cobalt its Security Pentesters the rights in such Customer Data, as contemplated under this Agreement; (ii) neither the Customer Data nor Your posting, uploading, publication, sublicensing, submission or transmittal of the Customer Data or Cobalt’s use of or access to the Customer Data or Applications/Networks  will infringe, misappropriate or violate any third party patent, copyright, trademark, trade secret, moral rights or other proprietary or intellectual property rights, or rights of publicity or privacy, or result in the violation of any Applicable Law; and (iii) Customer shall comply with all applicable laws relating to its performance under this Agreement. 

Cobalt Warranty

Cobalt represents and Warrants that: (i) Cobalt either is the sole and exclusive owner of all Cobalt Content and the Site or Cobalt has obtained all necessary legal rights, licenses, consents, permissions, approvals and releases to grant You the right to such Cobalt Content and the Site, as contemplated under this Agreement; and (ii) Cobalt shall comply with all applicable laws relating to its performance under this Agreement.

Cobalt Limited Warranty

Cobalt represents and warrants that (i) it shall provide the Services in a professional manner and will provide a standard of care consistent with that used by service providers similar to Cobalt; and (ii) that the Security Pentesters have the general skills and expertise necessary to perform the Services. In order to state a claim for breach of the foregoing warranty, You must provide notice of such non-compliance within the thirty (30) day period following the delivery of a Vulnerability Report, specifying the details of such noncompliance. If You provides Cobalt with the required notice, as Your sole and exclusive remedy and Cobalt’s sole and exclusive liability for breach of warranty, Cobalt shall, at the Your request and option, either extend the period of testing to perform additional testing or provide a re-perform the Services using a different Security Pentester. This warranty shall not apply during any trial license period.

Disclaimers / Express Waivers of Warranties

EXCEPT FOR THE EXPRESS “COBALT WARRANTY” AND  “COBALT LIMITED WARRANTY” SET FORTH ABOVE, THE SITE AND SERVICES ARE PROVIDED "AS IS", WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, COBALT EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. COBALT MAKES NO WARRANTY THAT THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS. COBALT MAKES NO WARRANTY REGARDING THE QUALITY, ACCURACY OR COMPLETENESS OF ANY SECURITY PROGRAMS, VULNERABILITY REPORTS, AND COBALT DOES NOT GUARANTEE THAT THE SERVICES WILL REVEAL ALL SECURITY VULNERABILITIES, RISKY CAPABILITIES OR MALICIOUS CODE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM COBALT OR THROUGH THE SITE, SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN. 

COBALT MAKES NO GUARANTEE AGAINST ANY MALFUNCTION OF THE ENTIRE SECURITY PROGRAM SITE OR ANY LATE, LOST, DAMAGED, MISDIRECTED, INCOMPLETE, ILLEGIBLE, UNDELIVERABLE, OR DESTROYED VULNERABILITY REPORT SUBMISSIONS DUE TO SYSTEM ERRORS, FAILED, INCOMPLETE OR DISTORTED COMPUTER OR OTHER TELECOMMUNICATION TRANSMISSION MALFUNCTIONS, HARDWARE OR SOFTWARE FAILURES OF ANY KIND, LOST OR UNAVAILABLE NETWORK CONNECTIONS, TYPOGRAPHICAL OR SYSTEM/HUMAN ERRORS AND FAILURES, TECHNICAL MALFUNCTION(S) OF ANY TELEPHONE NETWORK OR LINES, CABLE CONNECTIONS, SATELLITE TRANSMISSIONS, SERVERS OR PROVIDERS, OR COMPUTER EQUIPMENT, TRAFFIC CONGESTION ON THE INTERNET OR AT THE SITE, OR ANY COMBINATION THEREOF, INCLUDING OTHER TELECOMMUNICATION, CABLE, DIGITAL OR SATELLITE MALFUNCTIONS WHICH MAY LIMIT THE PERIOD A PROGRAM IS LISTED ON THE SITE.

10. Indemnification

You agree to release, indemnify, and hold Cobalt and its affiliates and subsidiaries, and their officers, directors, employees and agents, harmless from and against any third party claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with (i) Your access to or use of the Site or Services; (ii) Customer Data, including without limitation Customer Data that violates third party rights, including intellectual property rights; (iii) Your breach of representations, warranties and/or obligations under this Agreement (iv) infringement, misappropriation or violation of any third party Intellectual Property Rights, contractual rights or rights of publicity or privacy; (v)Your improper or unlawful interaction with any other persons who access the Site; (vi) Your misrepresentation, negligence, or willful misconduct in connection with the performance of this Agreement;  (vii) Your misuse or violation of any third party integrations or terms; and (viii) Your violation of Applicable law (collectively the “Indemnified Claims”).

11. Limitation of Liability

Except as otherwise expressly provided in this Agreement, by using the Services, You agree that any legal remedy or liability that You seek to obtain for any acts or omissions of, any individuals or other third parties will be limited to a claim against the particular individuals or other third parties who caused You harm and You agree not to attempt to impose any liability on, or seek any legal remedy from Cobalt with respect to the acts or omissions of other individuals or third parties.

YOU ACKNOWLEDGE AND AGREE THAT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER COBALT NOR ITS LICENSORS, SUPPLIERS, OR CONTRACTORS WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR LOSS OF GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE PRODUCTS OR SERVICES, OR FOR ANY DAMAGES FOR PERSONAL OR BODILY INJURY OR EMOTIONAL DISTRESS ARISING OUT OF OR IN CONNECTION WITH THE TERMS, THE USE OF OR INABILITY TO USE THE SITE, SERVICES FROM ANY COMMUNICATIONS OR INTERACTIONS WITH OTHER USERS OF THE SITE OR SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT COBALT HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE, EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL COBALT’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO YOUR USE OF THE SITE AND SERVICES INCLUDING, BUT NOT LIMITED TO, FROM YOUR LISTING OF YOUR SECURITY PROGRAM OR VULNERABILITY REPORT VIA THE SERVICES EXCEED THE TOTAL OF THE AMOUNTS YOU HAVE PAID IN RELATION TO A SPECIFIC SECURITY PROGRAM VIA THE SERVICES AS A CUSTOMER DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE LIABILITY OCCURRED OR ONE HUNDRED DOLLARS ($100) IF NO SUCH PAYMENTS HAVE BEEN MADE OR ARE OWED, AS APPLICABLE. **THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN COBALT AND YOU. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT FULLY APPLY TO YOU, IN WHICH CASE YOU AGREE THIS PROVISION SHOULD BE APPLIED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

YOU UNDERSTAND AND AGREE THAT THE NATURE OF PENTESTING MAY CAUSE HARM OR DISRUPTION TO PROGRAM(S) AND THAT NEITHER COBALT NOR ANY SECURITY PENTESTER SHALL HAVE ANY LIABILITY OF ANY KIND ARISING OUT OF SUCH TESTING ACTIVITIES, UNLESS  COBALT OR THE SECURITY PENTESTER HAS COMMITTED GROSS NEGLIGENCE OR COMMITTED WILLFUL MISCONDUCT IN THE PERFORMANCE OF SUCH TESTING.

12. Term and Termination

Term

This Agreement shall commence on the effective date of an applicable Sales Order subject to this Agreement and will continue so long as there is an active Sales Order. 

Termination for Breach  

Cobalt shall have the right to terminate this Agreement, and all Sales Orders subject to this Agreement, in its entirety upon written notice to Customer if Customer materially breaches its obligations under this Agreement and, after receiving written notice identifying such material breach in reasonable detail, fails to cure such material breach within thirty (30) days from the date of such notice; provided, that Cobalt may terminate this Agreement immediately upon written notice where (i) the material breach in question consists of the failure to pay all undisputed amounts due within fifteen (15) days of the due date thereof, and (ii) in the case of a breach or violation that cannot be reasonably be cured.

Term and Termination of a Sales Order or SOW for Breach

Each Sales Order and/or SOW shall remain in effect for the term specified therein, (“Order Term”) and the Services or Professional Services will be provided by Cobalt only during the Order Term.   An individual Sales Order or SOW shall not be subject to termination, except that a Sales Order or SOW may be terminated (in whole but not in part) by a party solely if the other party fails to cure a material breach thereof, or of this Agreement as it relates to such Sales Order or SOW, within thirty (30) days after receiving written notice of the breach from the non-breaching party or immediately if a material breach is not capable of cure.

Effect of Termination  

Upon any termination or expiration of this Agreement, all rights and obligations of the parties shall end, other than their rights and obligations which are intended to survive termination.

Destruction of Software and Data

Upon any expiration or termination of this Agreement, Cobalt shall delete any Customer Data or Customer Confidential Information relating to Customer within 30 days, unless we are prohibited by law from doing so. Customer will no longer be able to access Cobalt services beyond the date of termination, therefore Customer should make sure to export Customer Data or Customer Confidential Information using the functionality within the Services, before the termination or expiration of this Agreement, including any applicable Sales Order.

Cancellation

A Customer may cancel their Cobalt Account at any time by sending an email to info@cobalt.io, provided that any such cancellation by You shall not affect any obligations by You under an active Sales Order including any payment obligations. You may request deletion of Customer Data after your Cobalt Account has been canceled or expired.

13. Test Drive

PLEASE NOTE: By signing up for a Test Drive (as defined herein) of the Cobalt platform, You are agreeing to the following terms and conditions. Except where expressly contradicted by the following, the applicable provisions of this Agreement remain fully effective.

(a) If You sign up for a Test Drive, Cobalt will make certain features of the Cobalt platform available to you on a trial basis only, free of charge, until the earlier of (a) ten days following You signing up for the Test Drive, (b) the start date of any Services subscription purchased by You, or (c) termination of the Test Drive by Cobalt in its sole discretion (the "Trial Period"). A Trial Period may be extended upon mutual agreement between You and Cobalt. Notwithstanding anything to the contrary in this Agreement, a Test Drive is provided "AS IS." Cobalt makes no commitment to maintain the availability of a particular feature or functionality of the Cobalt platform for the duration of a Test Drive. COBALT MAKES NO REPRESENTATION OR WARRANTY AND SHALL HAVE NO INDEMNIFICATION OBLIGATIONS WITH RESPECT TO TEST DRIVE. COBALT SHALL HAVE NO LIABILITY OF ANY TYPE WITH RESPECT TO TEST DRIVE , UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE COBALT'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO TEST DRIVE IS $100.00. BY PARTICIPATING IN A COBALT TEST DRIVE, YOU AGREE TO REFRAIN FROM USING THE TEST DRIVE IN A MANNER THAT VIOLATES APPLICABLE LAW AND YOU WILL BE FULLY LIABLE FOR ANY DAMAGES CAUSED BY YOUR USE OF TEST DRIVE.

(b) You acknowledge that, at the end of the Trial Period, Your access to Test Drive will be automatically terminated, with or without notice, unless You agree to purchase a paid subscription to the Services pursuant to the applicable provisions of this Agreement. Any data entered by You into the Cobalt platform in connection with your use of Test Drive may be permanently lost upon termination of the Test Drive unless you subscribe to the Services.

(c) "Test Drive" means access to the certain features of the Cobalt Platform that are made available to a prospective customer to facilitate the evaluation of potentially purchasing the Services, which is provided to You at no additional charge, and which is designated as a "Trial," "Test Drive," or similar description. Test Drive does not include performance of a penetration test or other cybersecurity services, the identification of any security vulnerabilities, the provision of a report relative to Your security vulnerabilities or other aspects of Your security posture, or any other part of the Services offered by Cobalt other than access to the specific platform features that Cobalt, in its sole discretion, chooses to include in Test Drive. You acknowledge and agree that Test Drive is for Your internal business purposes only.

14. Miscellaneous

Assignment

You may not assign, transfer, delegate or subcontract this Agreement or any of Your rights or obligations under this Agreement, in whole or in part, by sale of assets, merger, operation of law or otherwise, without Cobalt’s prior written consent. Cobalt shall have the right to immediately terminate Your rights under this Agreement and seek any remedies available to it at law or in equity in the event You violate the foregoing. Cobalt may assign or transfer this Agreement, at its sole discretion, without restriction. Cobalt has the right to use subcontractors in connection with providing the Services. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their successors and permitted assigns.

Notices

Any notices or other communications permitted or required hereunder, including those regarding modifications to this Agreement, will be in writing and given by Cobalt (i) via email (in each case to the address that You provide) or (ii) by posting to the Site. Notices to Cobalt shall be sent to info@cobalt.io; with a copy to legal@cobalt.io. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.

Publicity and Use of Trademarks

Cobalt may (i) list Customer in Cobalt’s list of references and in proposals to potential Cobalt customers; and (ii) identify Customer as a customer of Cobalt (using Customer’s name and logo) and generally describe the nature of the relationship in Cobalt’s promotional materials, presentations, and on Cobalt’s website.

Force Majeure

If the performance of any obligation hereunder is interfered with by reason of any circumstances beyond a party’s reasonable control, including but not limited to acts of God, labor strikes and other labor disturbances, power surges or failures, or the act or omission of any third party, the party shall be excused from such performance to the extent necessary during the term of any force majeure event, provided the party shall use reasonable efforts to remove such causes of nonperformance.  If an event of force majeure prevents either party from performing its responsibilities under this Agreement for a period of more than thirty (30) days, the other party may terminate this Agreement and any outstanding Sales Order immediately upon written notice.

Controlling Law and Jurisdiction

This Agreement will be interpreted in accordance with the laws of the State of California and the United States of America, without regard to its conflict-of-law provisions. You and We agree to submit to the personal jurisdiction of a state court or arbitrator located in San Francisco County, San Francisco, California or a United States District Court, Northern District of California located in San Francisco, California for any actions for which the parties retain the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of a party’s copyrights, trademarks, trade secrets, patents, or other intellectual property rights, as set forth in the Dispute Resolution provision below.

Arbitration & Dispute Resolution

You and Cobalt agree that any dispute, claim or controversy arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation or validity thereof, or to the use of the Services or use of the Site (collectively, "Disputes") will be settled by binding arbitration, except that each party retains the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of a party’s copyrights, trademarks, trade secrets, patents, or other intellectual property rights. You acknowledge and agree that You and Cobalt are each waiving the right to a trial by jury or to participate as a plaintiff or class member in any purported class action or representative proceeding. Further, unless both You and Cobalt otherwise agree in writing, the arbitrator may not consolidate more than one person's claims, and may not otherwise preside over any form of any class or representative proceeding. If this specific paragraph is held unenforceable, then the entirety of this "Dispute Resolution" section will be deemed void. Except as provided in the preceding sentence, this "Dispute Resolution" section will survive any termination of this Agreement.

Arbitration Rules and Governing Law. The arbitration will be administered by the American Arbitration Association ("AAA") in accordance with the Commercial Arbitration Rules and the Supplementary Procedures for Consumer Related Disputes (the "AAA Rules") then in effect, except as modified by this "Dispute Resolution" section. (The AAA Rules are available at http://www.adr.org/arb_med or by calling the AAA at 1-800-778-7879.) The Federal Arbitration Act will govern the interpretation and enforcement of this section.

Arbitration Process. A party who desires to initiate arbitration must provide the other party with a written Demand for Arbitration as specified in the AAA Rules. (The AAA provides a form Demand for Arbitration at http://www.adr.org/aaa/ShowPDF?doc=ADRSTG_004175 and a separate form for California residents at http://adr.org/aaa/ShowPDF?doc=ADRSTG_004314.) The arbitrator will be either a retired judge or an attorney licensed to practice law in the state of California and will be selected by the parties from the AAA’s roster of consumer dispute arbitrators. If the parties are unable to agree upon an arbitrator within seven (7) days of delivery of the Demand for Arbitration, then the AAA will appoint the arbitrator in accordance with the AAA Rules.

Arbitration Procedure. If Your claim does not exceed $10,000, then the arbitration will be conducted solely on the basis of documents You and Cobalt submit to the arbitrator, unless You request a hearing or the arbitrator determines that a hearing is necessary. If Your claim exceeds $10,000, Your right to a hearing will be determined by the AAA Rules. Subject to the AAA Rules, the arbitrator will have the discretion to direct a reasonable exchange of information by the parties, consistent with the expedited nature of the arbitration.

Arbitrator’s Decision. The arbitrator will render an award within the time frame specified in the AAA Rules. The arbitrator’s decision will include the essential findings and conclusions upon which the arbitrator based the award. Judgment on the arbitration award may be entered in any court having jurisdiction thereof. The arbitrator’s award damages must be consistent with the terms of the "Limitation of Liability" section above as to the types and the amounts of damages for which a party may be held liable. The arbitrator may award declaratory or injunctive relief only in favor of the claimant and only to the extent necessary to provide relief warranted by the claimant’s individual claim. If You prevail in arbitration You will be entitled to an award of attorneys’ fees and expenses, to the extent provided under Applicable Law. Cobalt will not seek, and hereby waives all rights it may have under Applicable Law to recover, attorneys’ fees and expenses if it prevails in arbitration.

Fees. Your responsibility to pay any AAA filing, administrative and arbitrator fees will be solely as set forth in the AAA Rules. However, if Your claim for damages does not exceed $75,000, Cobalt will pay all such fees unless the arbitrator finds that either the substance of Your claim or the relief sought in Your Demand for Arbitration was frivolous or was brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)).

Changes.  Notwithstanding the provisions of the "Modification" section above, if Cobalt changes this "Dispute Resolution" section after the date You first accepted this Agreement (or accepted any subsequent changes to this Agreement), You may reject any such change by sending Us written notice (including by email to info@cobalt.io) within 30 days of the date such change became effective, as indicated in the "Last Updated Date" above or in the date of Cobalt’s email to You notifying You of such change. By rejecting any change, You are agreeing that You will arbitrate any Dispute between You and Cobalt in accordance with the provisions of this "Dispute Resolution" section as of the date You first accepted this Agreement (or accepted any subsequent changes to this Agreement).

Independent Parties

The relationship of the parties is that of independent contracting parties and Cobalt shall not be construed to be an employee, partner or agent of Customer.

Entire Agreement and Amendment

The terms and conditions of this Agreement provide the complete understanding of the parties with regard to the subject matter hereof and supersede all previous communications, agreements, proposals or representations related to the subject matter hereof.  Except as otherwise expressly provided for herein,  any amendment, or modification of this Agreement  will not be effective unless expressly agreed to in writing and signed by the authorized representatives the parties.  It is expressly agreed that no additional terms and conditions contained in Your purchase order, internet procurement portal or other non-Cobalt document shall apply to the Services ordered.

Waiver

The failure of Cobalt to enforce any right or provision of this Agreement will not constitute a waiver of future enforcement of that right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of Cobalt. Except as expressly set forth in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise. If for any reason an arbitrator or a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision will be enforced to the maximum extent permissible and the other provisions of this Agreement will remain in full force and effect.

Definitions

Affiliate - Any entity controlled by, controlling, or under common control with a party to this Agreement during the period such control exists.  For the purposes hereof “control” means the power to direct the operation, policies and management of an entity through the ownership of more than fifty percent (50%) of the voting securities of such entity, by contract, or otherwise.

Applicable Law(s) - Any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, directive, common law, judgment, decree or other requirement or rule of any federal, state, local or foreign government or political subdivision thereof, or any arbitrator, court or tribunal of competent jurisdiction applicable to a party’s performance of its obligations or the exercise of its rights under this Agreement.

Application(s) - A software application (including a web enabled application, desktop, or mobile application), involved directly or indirectly (through a test system) in a Security Program.

Cobalt Content - Means all Content that Cobalt makes available through the Services, and includes without limitation any data, documents, screens, templates, and forms of reports.  Cobalt Content expressly excludes Customer Content.

Content - Text, graphics, images, music, software, audio, video, information or other materials.

Credit - The prepaid unit purchased by Customer which can be exchanged for Cobalt Services. Each Credit corresponds to a particular level of effort by Cobalt.

Customer Data - Any Content or information relating to the Applications/Networks, the Applications/Networks and any other data, documents, information or content provided by or made accessible by Customer to Cobalt in connection with Customer’s use of the Services.

Intellectual Property Rights - Any and all registered and unregistered rights granted, applied for or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.

Network(s) - Interconnected computers, servers, mainframes, network devices, peripherals, or other devices that share software and hardware resources between many users.

Personal Information - Any information relating to an identified or identifiable natural person or otherwise defined to be personal information under Applicable Law, including without limitation, “personal data” as used under the EU’s General Data Protection Regulation and under the UK’s Data Protection Act of 2018, and “personal information” as used under applicable California law.

Professional Services - Cybersecurity services provided by Cobalt to Customer pursuant to a separately executed statement of work (“SOW”) or similar document, excluding penetration testing services provided via the Services and Site. Professional Services are subject to the Cobalt Professional Services Addendum.

Sales Order - A transactional document referencing this Agreement, which has been agreed to by the parties in a mutually signed writing for the purchase of Credits or other offerings; provided that if Customer purchases the Services through a Cobalt reseller, the Sales Order shall be the transactional document entered into between Cobalt and the Cobalt reseller for Customer’s use.

Security Pentester - An individual who offers by signing up and/or is invited to be a Security Pentester on the Site in order to engage in testing of an Application/Network within the scope of a Security Program and to submit a Vulnerability Report confidentially to Customer via the Site.

Security Program - The scope of Services listed on the Site for Customer’s Application(s)/Network(s) to be completed by Security Pentester(s).

Services - The Cobalt online platform accessible via the Site (including the Site and all Cobalt Content on the Site) connecting Customers with Security Pentesters for Applications/Network testing, and the ensuing cybersecurity testing performed leveraging the Site and the Security Pentesters.

Site - The Cobalt websites where the Services are made available located at cobalt.io.

User - An employee or contractor of Customer who is authorized by Customer to use the Services via Customer’s Cobalt Account by provisioning access to the Site via the assignable roles associated with use of the Services.

Vulnerability Report - A confidential report submitted and listed by a Security Pentester containing security vulnerabilities found during the testing of the Application(s)/Network(s) in scope for a given Security Program.