Prior Version - 2018

Prior Version - August 2021

Prior Version - December 2021

END USER ASSESSMENT Agreement

Version: November 17, 2023

 

This End User Assessment Agreement (“Agreement”) is entered into by and between Veracode, Inc., a Delaware corporation with offices at 65 Blue Sky Drive, Burlington, Massachusetts 01803, (“Veracode”) and the Customer entity identified on an order form referencing this Agreement (“Customer”) and shall be effective as of the last date of signature, (the “Effective Date”). The parties to this Agreement may be referred to as a “Party” singularly or the “Parties” collectively. In consideration of the promises and mutual agreements contained herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, and intending to be legally bound hereby, Veracode and Customer agree as follows:

  1. Definitions.

Affiliate” means entity controlled by, controlling, or under common control with a Party during the period such control exists. For the purposes hereof “control” means the power to direct the operations, policies, and management of an entity through the ownership of more than fifty percent (50%) of the voting securities of such entity, by contract, or otherwise.

Application(s)” means a collection of logically related software components that perform a coordinated set of functions, either owned by Customer and/or its Affiliates (provided that an Application may contain third party software components licensed by Customer and/or its Affiliates) or licensed by Customer from a third party and designated for Assessment by Customer.

Assess(es)(ed)(ment)” means the analysis performed by a particular Solution.

Confidential Information” means any information, whether disclosed in written, oral, electronic or visual form, which is identified as confidential at the time of disclosure or should reasonably be understood to be confidential given the nature of the information and the circumstances surrounding the disclosure, including without limitation business, operations, finances, technologies, products and services, pricing, personnel, customers and suppliers, other proprietary information, and (i) with regard to Customer, Customer Data, the Customer Applications, debug builds and information regarding the specific security vulnerabilities of the Customer Applications and, subject to Veracode’s ownership of the Veracode Property, the Reports and Output, and (ii) with regard to Veracode, the Veracode Property. The existence of this Agreement shall not be considered Confidential Information; however, the economic terms of this Agreement, inclusive of pricing, shall be considered Confidential Information.

Customer Data” means any Customer data, information, or content (including the Applications and any Assessment results thereof) provided by, or on behalf of, Customer to Veracode in connection with its use of a Solution, but excludes personal data. It is agreed and acknowledged that Customer owns and retains all rights, inclusive of all intellectual property rights, to all Customer Data.

Documentation” means any user guides, help windows, Solution descriptions and other documents relating to the use, performance, or technical information, of a Solution made available by Veracode at https://docs.veracode.com.

Force Majeure Event” means any act or event, or circumstances beyond a Party’s reasonable control, which prevents a Party from performing its obligations under this Agreement, including but not limited to acts of God, epidemic, pandemic, terrorist acts, acts of war, labor strikes and other labor disturbances, or power surges or failures.

Internal Use means customary business use and not use for compensation of any kind.

Order Form(s)” means a sales order form or similar document referencing this Agreement, which has been mutually agreed to by the Parties either (i) in a mutually signed writing or (ii) by a Customer issued purchase order expressly referencing a Veracode provided sales order form, that describes the particular Solution(s) ordered, the quantity of Solution(s) ordered, the fees for the Solution(s) and the Subscription Term. If Customer licenses the Solution(s) through a Veracode authorized reseller, an Order Form may be entered into between Veracode and the authorized reseller.

Output” means any type of output, other than a Report, which may include but is not limited to presentations, slide decks, or other documents provided by or made available by Veracode to Customer or its Users, through the Solution(s), or otherwise.

Remediation(s)” means a suggested change generated by the Solution as a result of an Assessment, which may be in the form of code, and which Customer may choose to review and/or implement into an Application.

Report(s)” means any report (or any portion of a report) produced by the Solution(s) that provides the results of an Assessment.

“Software” means any software provided or offered by Veracode designed to be used by Customer in conjunction with a licensed Solution, including but not limited to agents, APIs, virtual appliances, and e-Learning course content, unless such Software has been made subject to separate terms.

Solution(s)” means the products stated in an Order Form (including any Veracode owned or licensed software, data, information, content, documents, systems or sub-systems, the Solution Platform and any Veracode content provided as a part thereof), Software, Documentation, and any updates to the Solutions made available by Veracode from time to time, in its sole discretion. As used herein, the term Solution specifically excludes all Applications, Remediations, and Reports.

Solution Platform” means any Veracode owned or licensed software, data, information, content, systems or sub-systems which form a part of the platform owned or controlled by Veracode which is used to provide the automated software as a service Solutions. The Solution Platform specifically excludes all Applications.

Subscription Term” means the time period during which Customer has access to certain Solution(s) and/or support as set forth in an applicable Order Form.

Usage Data” means anonymized data, including data that has been aggregated, generated or derived from the operation and use of the Solutions, including statistical information that Veracode has compiled relating to Assessments, which does not identify an Application or Customer.

Users” means anyone granted access to a Solution by Customer as permitted under this Agreement.

Veracode Property” means any Veracode technical information, e-Learning or other course content, techniques, ideas, methods, processes, software, interfaces, utilities, data, documents, directories, designs, user interfaces, know-how, intellectual property, information or materials of any kind (regardless of form) which has been or is acquired, created, developed or licensed by Veracode prior to or outside the scope of this Agreement and any improvement, modification or other derivative works thereof and all intellectual property rights therein; and expressly includes, without limitation, the Solutions, Usage Data, and Report and Output templates.

  1. Orders. An order shall be deemed placed when the Parties enter into one or more Order Forms which reference this Agreement, each of which shall be incorporated herein by reference. If an Affiliate enters into an Order Form pursuant to this Agreement, by doing so such Affiliate agrees to be bound to the terms of this Agreement. Customer shall be responsible for the compliance of its Affiliates with the terms and conditions of this Agreement.
  2. License Grants and Ownership. Any and all rights not expressly granted herein are reserved by Veracode. All rights and licenses granted herein are subject to the terms of this Agreement. Except as expressly licensed herein, Veracode shall own all right, title, and interest to Veracode Property.
    1. Veracode Solutions License. Veracode grants Customer a non-exclusive, non-transferable right and license, during the Subscription Term, to access and use the Solution(s) stated in an Order Form, and any associated Software, solely for Customer’s Internal Use.
    2. Rights to Reports and Remediation(s). During the Subscription Term, as applicable to the Solutions licensed, Veracode will make available to Customer (i) a Report containing the results of each Application Assessed as part of the Solution; and/or (ii) Remediation(s). Customer shall own all right, title, and interest to each Report and/or Remediation, subject to Veracode’s ownership of any Veracode Property contained therein and provided Customer agrees Reports and/or Remediations shall be used solely for Customer’s Internal Use and as contemplated by this Agreement. Veracode grants Customer a non-exclusive, transferable, perpetual, worldwide license to access, use and reproduce any Veracode Property contained within each of the Report and/or Remediation, solely for Internal Use.
    3. Customer Applications and Customer Data License. Customer grants Veracode a limited, non-exclusive right and license, during the Subscription Term, to (i) use, access, reproduce, transmit, collect, and store, including via application programming interfaces, each Application or components thereof, and the Customer Data, solely to the extent necessary to provide the Solution and/or perform its obligations under this Agreement; and (ii) create, reproduce, store, make available and transfer Reports. Veracode will not expose or attempt to derive the source code of any Application. Except as expressly licensed herein, Customer and its Affiliates (and/or their licensors) shall retain all right, title and/or interest to the Applications and Customer Data.
    4. Third Party Application Assessments and Reports. If Customer chooses to have an Application Assessed that is owned or licensed by a third party, prior to performing the Assessment, Veracode may require such third party enter into a separate agreement directly with Veracode. Customer hereby grants Veracode the right to use Customer’s name in Veracode’s communications to such third party. Upon completion of an Assessment, the third party shall own the detailed Report relating to the Assessed Application and Veracode shall make available to Customer a version of the Report containing the results of the Assessment. Customer is hereby granted a non-exclusive, non-transferable, perpetual, worldwide license to access, use and reproduce such Report and any Veracode Property contained therein, solely for Customer’s Internal Use.

 

  1. Access and Acceptable Use.
    1. Access to Applications. Customer agrees to make the Applications to be Assessed available to Veracode in accordance with Veracode’s submission specifications and the Documentation. Each Application shall be provided in a form mutually agreed to by the Parties, including, but not limited to, executable object code form (unless the particular Application is only deployed in source, in which case Customer will provide source) or, in the case of a web Application, by providing the URL. Customer is responsible for providing the systems, servers, software and network and communications necessary to connect to and utilize the Solution.
    2. Solution and Solution Platform Access. Customer will register a primary administrative User. Such administrative User is authorized to set up Customer’s account, including creating subaccounts for additional Users, each of which shall have unique login IDs and passwords. Customer shall be responsible for the acts or omissions of all of its Users.
    3. Acceptable Use. Customer and its User shall not:
      • use the Solution(s) except as contemplated by this Agreement;
      • use the Solution(s) in any manner that is in breach of any law or regulation;
      • make the Solution available to any third party not authorized or as otherwise contemplated by this Agreement;
      • send Applications or code that can harm or result in damage to the Solution(s) (including but not limited to malicious code and malware);
      • willfully interfere with or disrupt the integrity of the Solution(s);
      • remove or modify any program markings or any notice of Veracode’s or its licensors’ proprietary rights;
      • use Remediation(s) to train a large language model;
      • modify or attempt to expose the source code of, or attempt to recreate any software which forms a part of the Solutions or Software;
      • perform or disclose any benchmark or performance tests on the Solutions;
      • perform or disclose any of the following security testing of the Solutions, or associated infrastructure: network discovery, port and service identification, vulnerability scanning, password cracking, remote access testing, penetration testing or any other test or procedure not authorized in the Documentation;
      • provide any health, payment card or similarly sensitive personal information in its use of the Solutions that imposes specific data security obligations for the processing of such data unless it is a supported feature in the Documentation of the applicable Solution;
      • use the Solutions and any of the features thereof, or any APIs, in a manner that affects the stability or accessibility of the Solutions; or
      • Attribute to Veracode any Reports, Application findings, Remediations, Output or Assessment results produced by the Solutions that have been modified or altered.

Customer agrees that it, and its Users shall, if notified by Veracode that such Customer or User utilization has been determined by Veracode to be the cause of stability or accessibility issues, immediately cease such usage. Customer further agrees to promptly notify Veracode upon learning of any unauthorized use of Customer’s accounts or any other breach of security related to the rights granted under this Agreement. Upon such notification, or if Veracode learns of any malicious activity associated with any Customer or User account, Veracode may temporarily suspend such accounts to mitigate the effects of any security event or malicious activity, and when reasonably practicable and lawfully permitted, will provide Customer with notice of any such suspension. Veracode will use reasonable efforts to re-establish any temporarily suspended account promptly after the issue causing the suspension has been resolved. Veracode reserves the right to refuse registration of, or to cancel login IDs of any Users who violate the terms of this Agreement, and/or limit or remove Customer access to the Solution or Solution Platform for usage of quantities in excess of the quantity stated in an Order Form. Customer is responsible for payment of fees for any use of the Solution(s) in excess of the quantity stated in an Order Form.

  • Customer Usage. No more than once annually, upon Veracode’s reasonable request, Customer will cooperate with Veracode to measure Customer’s usage of the Solutions and provide documentation demonstrating such usage measurement.
    1. Modifications, Service Levels and Support Packages.
      1. Modifications. Veracode reserves the right to modify the Solutions and Solution Platform from time to time in an effort to improve the functionality of the Solutions, however such changes shall not materially reduce the functionality provided during the Subscription Term.
      2. Service Levels and Support Packages. Service levels associated with support packages and response times are described at the page posted at https://www.veracode.com/resources/customers/technical-support. The content posted at such page is effective as posted for entirety of a Subscription Term on the Order Form.
    2. Confidentiality and Security.
      1. Confidentiality. During the Term of this Agreement and continuing after termination of this Agreement, each Party shall retain in confidence, and not use except for the purposes described in this Agreement, the Confidential Information of the other Party disclosed by such Party or its Affiliates or made available in connection with this Agreement. The receiving party will use the same degree of care and discretion (but not less than reasonable care) to avoid disclosure, publication, or dissemination of the disclosing party’s Confidential Information as it uses with its own information of a similar nature. Except as authorized in this Agreement, the receiving party will not disclose the Confidential Information of the disclosing party to a third party other than to its employees, contractors, agents or advisors in connection with its performance of this Agreement and the receiving party shall be liable to the disclosing party for any violation of this Agreement by such persons. Confidential Information shall not include information that (a) is publicly known at the time of disclosure, (b) is lawfully received from a third party not bound in a confidential relationship with the disclosing party, (c) is published or otherwise made known to the public by the disclosing party, or (d) was or is generated independently without use of the disclosing party’s Confidential Information. The receiving party may disclose Confidential Information as required to comply with orders of governmental entities that have jurisdiction over it or as otherwise required by law, provided that the receiving party (i) to the extent permitted by the governmental order or law, gives the disclosing party reasonable advance written notice to allow the disclosing party to seek a protective order or other appropriate remedy, (ii) discloses only that portion of the Confidential Information as is required, and (iii) uses commercially reasonable efforts to obtain confidential treatment for any Confidential Information so disclosed. Notwithstanding anything herein to the contrary, provided that Veracode does not use or disclose Customer Confidential Information, Veracode shall be free to use, exploit and disclose its general skills, concepts, ideas, know-how, Usage Data and expertise gained or learned during the course of this Agreement, and Veracode shall not be restricted from creating Output for other customers which is similar to that provided to Customer. Each Party owns and retains all rights, inclusive of all intellectual property rights, to their respective Confidential Information.
      2. Security. Veracode shall maintain, use, and process any Customer Confidential Information in compliance with all applicable laws. Veracode shall establish and maintain administrative, physical and technical safeguards designed to guard against the destruction, loss, or alteration of Customer Confidential Information. Without limiting the foregoing, Veracode shall at all times in connection with this Agreement: (i) maintain and enforce an information security program including administrative, physical and technical security policies and procedures with respect to its processing of Customer Data and Customer Confidential Information consistent with commercially reasonable industry practices and standards; (ii) provide technical and organizational safeguards designed to protect against accidental, unlawful or unauthorized access to or use, destruction, loss, alteration, disclosure, transfer, commingling or processing of such Customer Confidential Information and ensure a level of security appropriate to the risks presented by the processing of such information and the nature of such information, consistent with commercially reasonable industry practice and standards; (iii) take commercially reasonable measures to secure the Solutions against "hackers" and others who may seek, without authorization, to disrupt, damage, modify, access or otherwise use the Solutions or the information found therein; and (iv) take commercially reasonable measures to logically separate Customer Confidential Information from that of other customers. Veracode shall periodically test and continuously monitor its systems for potential areas where security could be breached and shall also periodically conduct security testing, including penetration testing. Veracode shall be solely responsible for its information technology infrastructure, including all computers, software, databases, electronic systems and networks that are owned or controlled by Veracode that may be used by Veracode to access Customer’s systems or otherwise in connection with the Solutions. To the extent that Veracode utilizes service providers or subcontractors in connection with the performance of the Solutions, Veracode acknowledges that this provision applies equally to any such service provider or subcontractor, such service provider or subcontractor will possess a level of security and data protection equal to Veracode and Veracode shall be responsible for such service providers and subcontractors in accordance with the terms of this Agreement.
    3. Representations and Warranties; Disclaimer.
      1. General Warranties. Each Party represents and warrants to the other Party that (i) it has all the necessary rights, approvals, consents and permissions to enter into this Agreement and to grant the rights and licenses herein, and (ii) the execution, delivery and performance of this Agreement does not conflict with any agreement, instrument, judgment or understanding, oral or written, to which it is a party or by which it may be bound.
      2. Customer Warranty. Customer represents and warrants that it has and shall maintain during the Term all rights necessary to (i) provide the Applications or components thereof, Customer Data and Customer Confidential Information to Veracode for the purpose of enabling Veracode to perform its obligations under this Agreement, and (ii) direct Veracode to take any actions concerning the Applications or components thereof, Customer Data and/or Customer Confidential Information, including to perform Assessments or receive and implement Remediations.
      3. Solution Performance Warranty. Veracode represents and warrants that the Solution will be provided as described in the applicable Order Form, by qualified personnel in a professional manner, and will comply in all material respects with applicable Documentation. In order to state a claim for breach of this Solution performance warranty, Customer must provide notice of such non-compliance within the thirty (30) day period following such non-compliance (such as, for example, within thirty (30) days from date of performance of the part of a particular Assessment or delivery of a Report with respect to an Assessment) specifying the details of such noncompliance. If Customer timely provides Veracode with the required notice, as Customer’s sole and exclusive remedy and Veracode’s sole and exclusive liability for breach of warranty, Veracode shall re-perform such portion of the Solution or otherwise use commercially reasonable efforts to correct any such non-compliance, at its expense, within thirty (30) days of its receipt of such notice. During any trial period, this warranty shall not apply.
      4.  Warranty Disclaimer. EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES STATED HEREIN, VERACODE DISCLAIMS ALL OTHER REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, VERACODE DOES NOT WARRANT OR REPRESENT THAT THE SOLUTIONS WILL FIND, IDENTIFY OR, AS APPLICABLE, FIX ALL SECURITY VULNERABILITIES, RISKY CAPABILITIES, OR MALICIOUS CODE, OR THAT REMEDIATIONS WILL NOT RESULT IN THE INTRODUCTION OF NEW VULNERABILITIES OR BREAK THE FUNCTIONALITY OF THE APPLICATIONS OR CUSTOMER DATA. CUSTOMER AGREES AND UNDERSTANDS THAT CUSTOMER ASSUMES SOLE RESPONSIBILITY FOR THE USE OF ANY REMEDIATIONS, INCLUDING THE EVALUATION OF THE IMPACT OF THE USE OF ANY REMEDIATION PRIOR TO IMPLEMENTATION. 
    4. Indemnification.
      1. Veracode’s Indemnity. Veracode shall defend and indemnify Customer and its Affiliates and their officers, directors, employees and agents (the “Customer Indemnitees”) against actual damages, costs and expenses, including reasonable attorneys' fees, suffered by the Customer Indemnitees arising out of a third party claim that (i) the Solution infringes or violates any valid patent, copyright, or trademark or misappropriates a third party’s trade secret, or (ii) Veracode is not the owner or licensee of any Veracode Property, including without limitation the Solution and/or does not have the right, title and/or interest to grant the license rights provided for herein and make available the Solution; provided that, in each case, Veracode shall not be responsible for any claim to the extent arising from or relating to (a) Customer’s unauthorized use of the Solution, or (b) any Applications or any Customer Data used in combination with the Solution if the claim would not have arisen but for such combination.
      2. Customer’s Indemnity. Customer shall defend and indemnify Veracode and its Affiliates and their officers, directors, employees and agents (the “Veracode Indemnitees”) against any actual damages, costs and expenses, including reasonable attorneys' fees, suffered by the Veracode Indemnitees arising out of any third party claim that Customer (i) is not the owner or licensee of each Application and any Customer Data or (ii) does not have the right, title and/or interest to grant the license rights provided for herein and to submit and designate for Assessment each Application and any Customer Data for the purposes of allowing Veracode to provide the Solution and produce the Reports or Output.
      3. Indemnity Procedures. The indemnifying party shall conduct and have sole control of the defense and settlement of any claim for which it has agreed to provide indemnification, provided that the indemnified party shall have the right to provide for its separate defense at its own expense. The indemnified party shall give prompt notice of all claims for which indemnity is sought and shall cooperate in defending against such claims, at the expense of the indemnifying party. The rights and remedies set forth in this Section 8 state each Party’s exclusive liability and exclusive rights and remedies with regard to claims made by a third party for intellectual property infringement or violation of a third party’s intellectual property rights.
    5. Limitation of Liability. IN NO EVENT WILL VERACODE, ITS AFFILIATES OR SUBSIDIARIES BE LIABLE TO CUSTOMER OR ANY OTHER PARTY UNDER OR IN CONNECTION WITH THIS AGREEMENT FOR: (1) INCIDENTAL, INDIRECT, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION LOST PROFITS, BUSINESS INTERRUPTION, LOSS OF USE, OR LOST DATA, REGARDLESS OF THE FORM OF THE ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT PRODUCT LIABILITY OR OTHERWISE, EVEN IF VERACODE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; OR (2) DAMAGES CAUSED BY CUSTOMER'S FAILURE TO PERFORM ITS OBLIGATIONS HEREUNDER. IN NO EVENT WILL VERACODE, ITS AFFILIATES OR SUBSIDIARIES BE LIABLE, IN THE AGGREGATE, TO CUSTOMER OR TO ANY OTHER PARTY FOR ANY AND ALL CLAIMS ARISING OUT OF OR CONNECTED WITH THIS AGREEMENT, IN AN AMOUNT EXCEEDING THE TOTAL AMOUNT ACTUALLY PAID TO VERACODE BY CUSTOMER UNDER THE TERMS OF THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEEDING VERACODE’S RECEIPT OF NOTICE OF AN INITIAL CLAIM. Without limiting the foregoing, Veracode shall not have any liability for losses, claims or damages for any harm or disruption of Customer’s systems or applications arising out of penetration tests or simulated attacks or Customer’s implementation of or failure to implement, install, use and/or apply Remediations provided as part of a particular Solution in accordance with the terms of this Agreement.
    6. Term and Termination.
      1. Term of Agreement. This Agreement shall commence on the Effective Date and will continue thereafter until sixty (60) days after the expiration of the last to expire of any existing Order Forms which are then in effect (the “Term”).
      2. Termination for Breach. A Party may terminate this Agreement for material breach by the other Party, provided that in each instance of a claimed breach: (i) the non-breaching party notifies the breaching party in writing of such material breach within thirty (30) days of its occurrence, and (ii) the breach is not cured within thirty (30) days of receipt of such notice. An Order Form may only be terminated (in whole or in part) by a Party if the other Party fails to cure a material breach of the terms of such Order Form or of this Agreement as it relates to the terms of such Order Form within thirty (30) days after receiving written notice of the material breach from the non-breaching party. The termination of a particular Order Form shall not impact the validity of other Order Forms or this Agreement. Any termination of this Agreement shall not become effective until all Order Forms referring to this Agreement are expired or terminated.
      3. Effect of Termination. Upon any termination or expiration of this Agreement, all rights and obligations of the Parties shall end, other than the rights and obligations under Sections 6.1, 8, 9, 10.2, 12 and 13.2 hereof.
      4. Destruction of Applications and Data. Veracode shall destroy, using industry standard methods, all copies of each Application, the results of the Assessments of each Application, Customer Confidential Information, and all associated documentation and related materials provided by Customer either (i) upon request by Customer; or (ii) within sixty (60) days following any termination or expiration of this Agreement if such destruction has not already occurred. Upon request, Veracode shall confirm such destruction in writing. Upon the expiration or termination of any Order Form, Customer shall immediately discontinue use of and access to the Solutions set forth in such Order Form.
    7. Insurance. Veracode shall maintain, at its expense, at all times during any Subscription Term set forth on an Order Form, insurance of such type and level as is reasonable and prudent in the industry. Such insurance shall be carried with responsible insurance companies of recognized standing which are authorized to do business in the state in which the Solution is rendered and are rated A- or better by A.M. Best. Upon Customer’s request, Veracode shall furnish Customer with a certificate of insurance providing evidence of its insurance coverages.
    8. Export Compliance. Customer use of, or access to the Solution Platform or the Solutions, Reports or Output may be subject to export laws and regulations of the United States and other jurisdictions which may or may not cause Veracode to deny User access. Customer will not permit any access to or use Solution in a U.S.-embargoed country or region or in violation of any U.S. export law or regulation and Customer shall comply with all laws and regulations applicable to the use of the Solutions, including laws or regulations of the United States Department of Commerce, the United States Department of the Treasury’s Office of Foreign Assets Control, or any other United States or foreign agency or authority. Each Party represents that it is not named on any U.S. government denied-party list.
    9. General.
      1. Assignment and Subcontractors. Neither Party may assign this Agreement, or any of its rights or obligations hereunder (in whole or in part) without the prior written consent of the other Party. Notwithstanding the foregoing, Veracode may assign this Agreement, without Customer’s consent, in whole (but not in part) to a successor in interest to Veracode’s business in connection with a merger, sale of substantially all of its assets, change of control or by operation of law, or to an Affiliate, provided that (i) the assignee agrees to assume the obligations under this Agreement in writing and has adequate resources to meet its obligations hereunder; and (ii) the assignment shall not change the scope of work to be performed under any Order Form then in effect. The terms of this Agreement shall be binding upon the permitted successors and assigns of Veracode. Veracode may use subcontractors in its performance under this Agreement and shall be responsible for the acts and omissions of such subcontractors.
      2. Governing Law and Venue. This Agreement is governed by the laws of the Commonwealth of Massachusetts, without regard to its conflict of laws principles. The Parties agree to submit to the exclusive jurisdiction of, and venue in, the courts in Middlesex County in any dispute arising out of or relating to this Agreement. The United Nations Convention on Contracts for the International Sale of Goods does not apply to the transactions contemplated by this Agreement. The Uniform Computer Information Transactions Act will not apply to this Agreement regardless of when and howsoever adopted, enacted, and further amended under the governing state laws.
      3. Notices. Notices to Veracode by Customer shall be sent in writing to the address set forth above and shall also include a copy to: Veracode Office of the General Counsel, Veracode, Inc., 65 Blue Sky Drive, Burlington, MA 01803, United States of America and a copy via email to [email protected]. Notices to Customer by Veracode shall be sent in writing either via email or by mail to the Customer email address or address set forth in the Order Form. Notices sent in writing shall be deemed to be delivered (i) one day after delivery with a reputable overnight carrier, or (ii) three days after deposit with US Postal Service sent first class mail, return receipt requested.
      4. Force Majeure. Neither Party shall be liable to the other Party for any failure or delay caused by a Force Majeure Event, provided the Party shall use reasonable efforts to remove such causes of nonperformance. Notwithstanding the foregoing, (i) neither Party is excused from its obligation to take reasonable steps to follow its disaster recovery procedures, and (ii) Customer is not excused from its payment obligation.
      5. Relationship of the Parties. The relationship of the Parties is that of independent contractors and Veracode shall not be construed to be an employee, partner, or agent of Customer.
      6. Entire Agreement. The terms of this Agreement (including any applicable exhibits, referenced documents, or Order Forms entered into pursuant to this Agreement) provide the complete understanding of the Parties with regard to the subject matter hereof and supersede all previous communications, agreements, proposals or representations related to the subject matter hereof.
      7. Amendment. Except as otherwise expressly provided for herein, any waiver, amendment, or modification of any right or remedy, in whole or in part under this Agreement, or any additional or different terms in acknowledgments or other documents, will not be effective unless expressly agreed to in writing and signed by authorized representatives of each of the Parties.
      8. Order of Precedence. Unless the Order Form expressly amends this Agreement and except as otherwise expressly provided herein, the terms and conditions of this Agreement shall take precedence over any conflicting terms in the Order Form. It is expressly agreed that no additional terms and conditions contained in Customer’s purchase order, internet procurement portal or other non-Veracode document shall apply to the Solutions ordered.
      9. Miscellaneous. This Agreement may be executed in counterparts, including information which is incorporated by written reference, which, taken together, will constitute one and the same instrument. The exchange of a fully executed Agreement (in counterparts or otherwise) by electronic means or in writing shall be sufficient to bind the Parties to the terms and conditions of this Agreement and to any Order Form.