Cobalt Crowdsourced Application Pentest

Terms of use

General


Last update on 9th of January, 2019

IMPORTANT - READ BEFORE USING THE SITE OR SERVICES.

BY CLICKING TO SIGN IN ONLINE TO USE THE COBALT SITE AND SERVICES AND BY USING THE SITE AND SERVICES, YOU AGREE TO COMPLY WITH AND BE LEGALLY BOUND BY THESE TERMS (AS DEFINED BELOW), WHETHER OR NOT YOU BECOME A REGISTERED USER. THESE TERMS GOVERN YOUR ACCESS TO AND USE OF THE SITE AND SERVICES AND ALL COLLECTIVE CONTENT (ALL AS DEFINED BELOW) AND CONSTITUTE A BINDING LEGAL AGREEMENT BETWEEN YOU AND COBALT. IF YOU DO NOT AGREE TO THESE TERMS, YOU HAVE NO RIGHT TO OBTAIN INFORMATION FROM OR USE THE SITE OR SERVICES.

Supplemental Terms and Order

These General Terms are subject to the following Supplemental Terms (“Supplemental Terms”) which are incorporated herein by reference as applicable to you:

  • Supplemental terms for Running a Security Program found at https://cobalt.io/terms/business. These terms must be accepted and agreed to by a program owner prior to running a security program.

  • Supplemental terms for Engaging in a Test found at https://cobalt.io/terms/security-researcher. These terms must be accepted and agreed to by a security researcher prior to engaging in any testing activities on an Application/Network or providing a vulnerability report.

For Program Owners (See term definitions below), a separate Order will be provided and mutually agreed to by Cobalt and the Program Owner (or Program Owner’s reseller covering Program Owner’s use) to cover the pricing and any additional terms for the Service.

Scope of Agreement

Cobalt (hereafter referred to as "Cobalt", "we", "us", or "our") provides an online platform that connects Program Owners who have Applications/Network(s) they want to have security tested with Security Researchers seeking Applications/Network(s) to test (collectively we call this the "Services" as further defined below). The Services are made accessible at Cobalt websites e.g. at cobalt.io (collectively, we call these websites the "Site"). Please carefully read these General Terms and our Privacy Policy. These Terms shall govern your use of the Site and Service whether you purchase Services directly from Cobalt or indirectly from a Cobalt reseller. Failure to use the Site in accordance with these Terms may subject you to civil and criminal penalties.

If you accept or agree to these Terms as a Member on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to these Terms and, in such event, "you" and "your" will refer and apply to that company or other legal entity.

Platform Description

The Site and Services comprise an online SaaS platform through which Program Owners (defined below) may create Security Programs (defined below) for Application/Network security testing (defined below) and Security Researchers (defined below) may be invited to the Security Programs to perform tests on the Applications/Network(s).

Key Definitions

| Term | Definition |
|---|---|
| Services | An online platform that connects Program Owners who have Applications/Network(s) they want to have security tested with Security Researchers |
| Site | The websites where the Services are made available e.g. at cobalt.io |
| Applicable Law(s) | Any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, directive, common law, judgment, decree or other requirement or rule of any federal, state, local or foreign government or political subdivision thereof, or any arbitrator, court or tribunal of competent jurisdiction applicable to a party’s performance of its obligations or the exercise of its rights under these Terms. |
| Order | A transactional document which may take the form of an order, statement of work or other document agreed to in writing by the parties which includes a description of the Services to be provided, quantities, pricing and any other additional terms agreed to by the parties. In the event that you purchase Services from a Cobalt reseller, then “Order” shall refer to such transactional document entered into between the reseller and Cobalt relating to your use of the Site and Services. |
| Personal Information | Any information relating to an identified or identifiable natural person or otherwise defined to be personal information under Applicable Law. |
| Terms | These General Terms, Supplemental Terms (as applicable), the Privacy Policy and Order which shall govern your use of the Site and Services. |
| Cobalt Content | Means all Content that Cobalt makes available through the Site, or Services, including any Content licensed from a third party, but excluding Member Content and includes without limitation any data, documents, screens, templates, and form of reports. |
| Collective Content | Member Content and Cobalt Content. |
| Content | Text, graphics, images, music, software, audio, video, information or other materials. |
| Member | A person who completes the Cobalt account registration process, including, but not limited to Program Owners and Security Researchers, as described under "Account Registration" below. |
| Member Content | All Content that a Member posts, uploads, publishes, submits or transmits through the Site or Services. |
| Security Researcher | A Member who signs up/gets invited as a security researcher on the Site in order to potentially engage in a test of an application/network set in scope of a Security Program and potentially submit a Vulnerability Report via the Site or Services. |
| Cobalt Core Security Researcher (“Core Security Researcher”) | A Security Researcher who has gone through Cobalt vetting, and has had a Background Check as expressly described in these Terms. |
| Program Owner | A Member who registers through the account registration process as a Program Owner on the Site in order to potentially create a Security Program via the Site and Services. |
| Program Collaborator | A Member who is invited by a Program Owner to help support the management of the Program Owner’s Security Program via the Site and Services |
| Security Program | A program that is listed on the Site by a Program Owner requesting and allowing security researchers to test the Application(s)/Network(s) listed in the Security Program as being in scope within a defined set of Program Rules. |
| Application(s) | The application(s) (typically web, desktop or mobile applications) involved directly or indirectly (through a test system) in a Security Program. |
| Network(s) | A set of IPs involved directly or indirectly (through a test system) in a Security Program. |
| Vulnerability Report | A report of an issue found during the testing of the Application(s)/Network(s) in scope for a given Security Program. Vulnerability Reports are submitted and listed by the Security Researcher. |
| Program Rules | The rules, instructions and scope set by the Program Owner on the Security Program |
| Tax (or Taxes) | Any sales taxes, value added taxes (VAT), goods and services taxes (GST) and other similar municipal, state and federal indirect or other withholding and personal or corporate income taxes. |

Additional terms applicable to the Site and Services are defined within the body of these Terms.

Notice on Terms and Order of Precedence

Certain areas of the Site (and your access to or use of certain aspects of the Services or Collective Content) may have different terms and conditions posted or may require you to agree with and accept additional terms and conditions. If there is a conflict between these Terms and terms and conditions posted for a specific area of the Site, Services, or Collective Content, the latter terms and conditions will take precedence with respect to your use of or access to that area of the Site, Services, or Collective Content. If there is a conflict between these Terms and the terms of an Order, these Terms shall take precedence unless the Order expressly amends these Terms.

Modification

Cobalt reserves the right, at its sole discretion, to modify the Site or Services or to modify these Terms, including the Service Fees, at any time and without prior notice. If we modify these General Terms, Privacy Policy, Terms for Running a Security Program and/or the Terms for Engaging in a test, we will post the modification on the Site or provide you with notice of the modification. We will also update the "Last Updated Date" at the top of these Terms. By continuing to access or use the Site or Services after we have posted a modification on the Site or have provided you with notice of a modification, you are agreeing to be bound by the modified Terms. If the modified Terms are not acceptable to you, your only recourse is to cease using the Site and Services.

Eligibility

By accessing or using the Site or Services you represent and warrant that you are 18 or older. If you are under 18 and want to use the Site and Services please contact us on info@cobalt.io.

How the Site and Services Work

The Site and Services can be used to facilitate Security Programs. Such Security Programs are posted on the Site and Services by Program Owners.

Cobalt makes available a platform with related technology for Program Owners to display their Security Programs to Security Researchers who then test Applications/Networks in scope and submit Vulnerability Reports to the Program Owners. Cobalt will perform Background Checks on the Cobalt Core Security Researchers as expressly described in these Terms. Cobalt does not do any Background Checks or other vetting with regard to Security Researchers who are not Core Security Researchers.

Account Registration

In order to access certain features of the Site, and to create Security Programs and/or to test an Application/Network and submit Vulnerability Reports, you must register to create an account ("Cobalt Account") and become a Member. You may register to join the Services directly via the Site or as described in this section.

You can also register to become a Member by logging into your account with certain third party social networking sites ("SNS") (including, but not limited to, GitHub, Google, LinkedIn); each such account, a "Third Party Account", via our Site, as described below. As part of the functionality of the Site and Services, you may link your Cobalt Account with Third Party Accounts, by either: (i) providing your Third Party Account login information to Cobalt through the Site or Services; or (ii) allowing Cobalt to access your Third Party Account, as is permitted under the applicable terms and conditions that govern your use of each Third Party Account. You represent that you are entitled to disclose your Third Party Account login information to Cobalt and/or grant Cobalt access to your Third Party Account (including, but not limited to, for use for the purposes described herein), without breach by you of any of the terms and conditions that govern your use of the applicable Third Party Account and without obligating Cobalt to pay any fees or making Cobalt subject to any usage limitations imposed by such third party service providers. By granting Cobalt access to any Third Party Accounts, you understand that Cobalt will access, make available and store (if applicable) any Content that you have provided to and stored in your Third Party Account ("SNS Content") so that it is available on and through the Site and Services via your Cobalt Account and Cobalt Account profile page. Unless otherwise specified in these Terms, all SNS Content, if any, will be considered to be Member Content for the purposes of these Terms. Depending on the Third Party Accounts you choose and subject to the privacy settings that you have set within such Third Party Accounts, personally identifiable information that you post to your Third Party Accounts will be available on and through your Cobalt Account on the Site and Services. 
Please note that if a Third Party Account or associated service becomes unavailable or Cobalt’s access to such Third Party Account is terminated by the third party service provider, then SNS Content will no longer be available on and through the Site and Services. You have the ability to disable the connection between your Cobalt Account and your Third Party Accounts, at any time, by accessing the "Settings" section of the Site.

PLEASE NOTE THAT YOUR RELATIONSHIP WITH THE THIRD PARTY SERVICE PROVIDERS ASSOCIATED WITH YOUR THIRD PARTY ACCOUNTS IS GOVERNED SOLELY BY YOUR AGREEMENT(S) WITH SUCH THIRD PARTY SERVICE PROVIDERS.

Cobalt makes no effort to review any SNS Content for any purpose, including but not limited to, for accuracy, legality or non-infringement and Cobalt is not responsible for any SNS Content and is not responsible or liable for the Third Party Service Providers.

Member Account Limitations

We will create your Cobalt Account and your Cobalt Account profile page for your use of the Site based upon the personal information you provide to us or that we obtain via an SNS as described above. As a Security Researcher you may not have more than one (1) active Cobalt Account to Engage in Testing. You agree to provide accurate, current and complete information during the registration process and to update such information to keep it accurate, current and complete. Cobalt reserves the right to suspend or terminate your Cobalt Account and your access to the Site and Services if any information provided during the registration process or thereafter proves to be inaccurate, not current or incomplete. You are responsible for safeguarding your password. You agree that you will not disclose your password to any third party and that you will take sole responsibility for any activities or actions under your Cobalt Account, whether or not you have authorized such activities or actions. You will immediately notify Cobalt of any unauthorized use of your Cobalt Account.

Vetting and Selection of Members and Programs

Cobalt will obtain a background check consisting of identity confirmation and criminal background screening (a “Background Check”) for each Cobalt Core Security Researcher prior to listing such Security Researcher as a Cobalt Core Security Researcher. The Background Check will cover criminal conduct over a period of time to be determined by Cobalt, in its sole discretion, but in all cases shall be limited to the time periods permissible under Applicable Law. Cobalt will not admit any Member to the Cobalt Core Security Researcher Community unless such Member has satisfactorily passed the Background Check as determined by Cobalt in its sole but reasonable discretion. Cobalt does not perform any Background Checks or vetting on any Security Researchers, who are not Cobalt Core Security Researchers, who you contact or use via the Site and Services. Cobalt will not be responsible for any damage or harm resulting from your interactions with any Cobalt Core Security Researcher, other Security Researchers or other Members. Cobalt’s sole and exclusive liability for the Services and the Site shall be as expressly provided for in the “Cobalt Limited Warranty” set forth in these General Terms.

Except as otherwise expressly provided in the Terms, by using the Site or Services, you agree that any legal remedy or liability that you seek to obtain for any acts or omissions of any Members or other third parties will be limited to a claim against the particular Members or other third parties who caused you harm and you agree not to attempt to impose any liability on, or seek any legal remedy from Cobalt with respect to the acts or omissions of other Members or third parties. Accordingly, we encourage you to communicate directly with other Members on the Site and Services regarding any Security Program(s).

User Conduct

You understand and agree that you are solely responsible for compliance with any and all Applicable Laws, rules, regulations, and Tax obligations that may apply to your use of the Site, Services and Content. In connection with your use of our Site and Services, you agree that you will not:

  • violate any Applicable Laws, including, without limitation, privacy laws, zoning restrictions and Tax regulations;
  • use manual or automated software, devices, scripts, robots, other means or processes to access, "scrape," "crawl" or "spider" any web pages or other services contained in the Site, Services or Content, unless requested in a Security Program;
  • use the Site or Services for any commercial or other purposes that are not expressly permitted by these Terms;
  • copy, store, modify, prepare derivative works based upon, distribute, license, sell, transfer, publicly display, publicly perform, transmit, broadcast or otherwise exploit or otherwise access any information contained on the Site, Services or Collective Content for purposes not expressly permitted by these Terms;
  • infringe the rights of any person or entity, including without limitation, their intellectual property, privacy, publicity or contractual rights;
  • remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the Site, Services, or Collective Content;
  • interfere with or damage our Site or Services, including, without limitation, through the use of viruses, cancel bots, Trojan horses, harmful code, flood pings, denial-of-service attacks, packet or IP spoofing, forged routing or electronic mail address information or similar methods or technology, unless requested in a Security Program;
  • use the Site or Services to transmit, distribute, post or submit any information concerning any other person or entity, including without limitation, photographs of others without their permission, personal contact information or credit, debit, calling card or account numbers or other personal information;
  • use the Site or Services in connection with the distribution of unsolicited commercial email ("spam") or advertisements unrelated to Security Programs and Vulnerability Reports;
  • "stalk" or harass any other user of our Site, or Services or collect or store any personally identifiable information about any other user other than for purposes of transacting as a Security Researcher or Program Owner;
  • register for more than one Cobalt Account or register for a Cobalt Account on behalf of an individual other than yourself;
  • contact a Program Owner for any purpose other than communicating related to a Security Program;
  • contact a Security Researcher for any purpose other than communicating related to a Security Program;
  • when acting as a Security Researcher, recruit or otherwise solicit any Program Owner or other Member to join third party services or websites that are competitive to Cobalt, without Cobalt’s prior written approval;
  • impersonate any person or entity, or falsify or otherwise misrepresent yourself or your affiliation with any person or entity;
  • post, upload, publish, submit or transmit any Content that: (i) infringes, misappropriates or violates a third party’s patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any conduct that would violate, any Applicable Law or would give rise to civil liability; (iii) is fraudulent, false, misleading or deceptive; (iv) is defamatory, obscene, pornographic, vulgar or offensive; (v) promotes discrimination, bigotry, racism, hatred, harassment or harm against any individual or group; (vi) is violent or threatening or promotes violence or actions that are threatening to any other person; or (vii) promotes illegal or harmful activities or substances;
  • systematically retrieve data or other content from our Site or Services to create or compile, directly or indirectly, in single or multiple downloads, a collection, compilation, database, directory or the like, whether by manual methods, through the use of bots, crawlers, or spiders, or otherwise, unless requested in a Security Program;
  • use, display, mirror or frame the Site, or any individual element within the Site or Services, Cobalt’s name, logo or other proprietary information, or the layout and design of any page or form contained on a page, without Cobalt’s express written consent;
  • access, tamper with, or use non-public areas of the Site, Cobalt’s computer systems, or the technical delivery systems of Cobalt’s providers;
  • attempt to probe, scan, or test the vulnerability of any Cobalt system or network or breach any security or authentication measures, unless requested in a Security Program or approved by Cobalt;
  • avoid, bypass, remove, deactivate, impair, descramble, or otherwise circumvent any technological measure implemented by Cobalt or any of Cobalt’s providers or any other third party (including another user) to protect the Site, Services or Collective Content, unless requested in a Security Program or approved by Cobalt;
  • forge any TCP/IP packet header or any part of the header information in any email or newsgroup posting, or in any way use the Site, Services or Collective Content to send altered, deceptive or false source-identifying information;
  • attempt to decipher, decompile, disassemble or reverse engineer any of the software used to provide the Site, Services or Collective Content; attempt to expose the software or use the software used to provide the Site or Services to recreate such software; or advocate, encourage, or assist any third party in doing any of the foregoing.

A violation of any of the foregoing obligations shall constitute a material breach. In addition to any other rights provided in these Terms, Cobalt will have the right to investigate and prosecute violations of any of the above to the fullest extent of the law. Cobalt may involve and cooperate with law enforcement authorities in prosecuting users who violate these Terms. You acknowledge that Cobalt has no obligation to monitor your access to or use of the Site, Services or Collective Content or to review or edit any Member Content, but has the right to do so for the purpose of operating, performing, maintaining or improving the Site and Services, to ensure your compliance with the Terms, and to comply with Applicable Law. Cobalt reserves the right, at any time and without prior notice, to remove or disable access to any Collective Content that Cobalt, at its sole discretion, considers to be objectionable for any reason, in violation of these Terms or otherwise harmful to the Site or Services.

Confidentiality

The parties agree that Personal Information exchanged through the use of the Site and Service by Members or others as well as the Cobalt Property (as defined below) and the results contained in the Vulnerability Reports which are owned by you shall constitute Confidential Information (“Confidential Information”). Cobalt and each Member agree as the receiving party to maintain in confidence any Confidential Information made available to the receiving party by a disclosing party in connection with this Agreement and will maintain, use and process any such Information in compliance with any applicable data protection and privacy laws. The receiving party will use such Confidential Information solely for the purpose of performing a party’s obligations or exercising a party’s rights as provided in the Terms or as otherwise approved by the disclosing party. Except as contemplated under these Terms, the receiving party will not disclose the Confidential Information of the disclosing party to a third party other than to its or its Affiliates’ employees, contractors, agents or advisors as necessary to carry out its rights and obligations under these Terms. The receiving party will use reasonable care to avoid disclosure, publication or dissemination of the disclosing party’s Confidential Information and shall establish and maintain appropriate administrative, physical and technical safeguards designed to guard against the destruction, loss, or alteration of Confidential Information consistent with commercially reasonable industry practice and standards.

Privacy

See Cobalt’s Privacy Policy for information and notices concerning Cobalt’s collection and use of your personal information.

Ownership

The Site, Services, and Collective Content are protected by copyright, trademark, and other laws of the United States of America and foreign countries.

Cobalt Property Ownership: You acknowledge and agree that Cobalt and/or its licensors own all right, title and interest to the Site, Services and Cobalt Content, including without limitation any techniques, ideas, methods, processes, software, utilities, data, documents, directories, designs, user interfaces, know-how, graphics, video content or other data or information acquired, created, developed or licensed by Cobalt forming a part of or made available via the Site, Services or Cobalt Content including all associated intellectual property rights and all modifications, improvements and derivative works thereof (collectively as “Cobalt Property”).

Program Owner Content Ownership: The parties acknowledge and agree that the Program Owner and/or its licensors own all right, title and interest to the Information related to Applications, Networks and any other Member Content made available by the Program Owner through the Site or Services and any findings contained in the Vulnerability Reports created specifically and uniquely for the Program Owner, but excluding Security Researcher Property (as defined below).

Security Researcher Property Ownership: The parties acknowledge and agree that as between the parties, the Security Researchers and/or their licensors own all right, title and interest to any techniques, ideas, methods, processes, or technical information contained in any Member Content acquired, created, developed or licensed by the Security Researcher prior to or independently outside the scope of a Program Owner’s specific Security Program and any intellectual property rights therein (“Security Researcher Property”).

Cobalt License Grant

Subject to your compliance with the terms and conditions of these Terms, Cobalt grants you a limited, non-exclusive, non-transferable, non-sublicensable license, so long as these Terms remain in effect, to access and view any Cobalt Content solely for your internal use in connection with your use of the Cobalt Services and Site. You have no right to sublicense the license rights granted in this section.

No licenses or rights are granted to you by implication or otherwise under any intellectual property rights owned or controlled by Cobalt or its licensors, except for the licenses and rights expressly granted in these Terms.

Member Content License Grant

We may, in our sole discretion, permit Members to post, upload, publish, submit or transmit Member Content. This License grant section covers the License Grant for Member Content.

Subject to the license rights and restrictions otherwise expressly provided for in these Terms and the Cobalt Privacy Policy, by making available any Member Content on or through the Site and Services, you hereby grant to Cobalt and the other Members a worldwide, irrevocable, perpetual, non-exclusive, transferable, royalty-free license, with the right to sublicense, to use, view, copy, adapt, modify, distribute, license, sell, transfer, publicly display, publicly perform, transmit, stream, broadcast, access, view, and otherwise exploit such Member Content on, through, or by means of the Site and Services.

Cobalt does not claim any ownership rights in any such Member Content and nothing in these Terms will be deemed to restrict any rights that you may have to use and exploit any such Member Content.

Program Owner License Grant

With regard solely to Applications and Networks, each Program Owner, so long as these Terms remain in effect, grants (i) Cobalt a worldwide, non-exclusive, non-transferable (except by assignment or as otherwise expressly permitted under these Terms), royalty-free license to use, access, view, copy, display, transmit and store information relating to the Applications and Networks on, through or by means of the Site and Services for the sole purpose of operating, maintaining, performing, and providing the Site and Services and as otherwise disclosed in the Privacy Policy, and (ii) the Security Researchers a worldwide, non-exclusive, non-transferable (except by assignment or as otherwise expressly permitted under these Terms), royalty-free license to use, access, and view the Applications and Networks and to use, access, view, copy, display, transmit and store information relating to the Applications and Networks on, through or by means of the Site and Services for the sole purpose of Engaging in Testing and/or creating the Vulnerability Reports or otherwise performing tasks in connection with the Security Program.

Security Researcher License Grant

Each Security Researcher hereby grants (i) Cobalt a worldwide, non-exclusive, royalty-free, perpetual, irrevocable, license to use, access, view, copy, transmit and store the Security Researcher Property to the extent made a part of the Vulnerability Report for the purpose of operating, maintaining, performing and providing the Site and Services; and (ii) the Program Owner a worldwide, non-exclusive, royalty-free, transferable, perpetual, irrevocable, with a right to sublicense, license to use, access, view, copy, modify, create derivative works of, perform, transmit, sublicense, store, distribute, publish and exploit the Security Researcher Property to the extent made a part of the Vulnerability Report in connection with the Program Owner’s use of the Vulnerability Report.

Statistical Data and Data Sharing

Cobalt shall have the right to collect and create (i) high level, generic, anonymous (i.e. cannot be used to identify any person), statistical and/or benchmarking data derived from the Member Content (“Statistical Data”) for aggregation with other findings, results and information (the “Aggregated Data”) provided that such Aggregated Data does not identify and cannot be used to identify any specific person, Application or Network and each Member hereby grants Cobalt a worldwide, perpetual, irrevocable, fully paid-up, right to use, copy, modify, create derivative works of, publish, and exploit the Statistical Data as incorporated into the Aggregated Data for the purpose of providing, improving, optimizing, and monitoring the performance of the Site, Services and Content and for data analysis purposes.

Member understands and agrees that Cobalt shall have the right to share Member contact details with third party partners and service providers in connection with the delivery of the Services and enabling such partners to offer other software and/or services as related to the Cobalt Services.

Links

The Site and Services may contain links to third-party websites or resources. You acknowledge and agree that Cobalt is not responsible or liable for: (i) the availability or accuracy of such websites or resources; or (ii) the content, products, or services on or available from such websites or resources. Links to such websites or resources do not imply any endorsement by Cobalt of such websites or resources or the content, products, or services available from such websites or resources. You acknowledge sole responsibility for and assume all risk arising from your use of any such websites or resources or the Content, products or services on or available from such websites or resources.

Proprietary Rights Notice

All trademarks, service marks, logos, trade names and any other proprietary designations of Cobalt used herein are trademarks or registered trademarks of Cobalt. Any other trademarks, service marks, logos, trade names and any other proprietary designations are the trademarks or registered trademarks of their respective parties.

Feedback

We welcome and encourage you to provide feedback, comments and suggestions for improvements to the Site and Services ("Feedback"). You may submit Feedback by emailing us at info@cobalt.io or through the about section of the Site. You acknowledge and agree that all Feedback will be the sole and exclusive property of Cobalt and you hereby irrevocably assign to Cobalt and agree to irrevocably assign to Cobalt all of your right, title, and interest in and to all Feedback, including without limitation all worldwide patent, copyright, trade secret, moral and other proprietary or intellectual property rights therein. At Cobalt’s request and expense, you will execute documents and take such further acts as Cobalt may reasonably request to assist Cobalt to acquire, perfect, and maintain its intellectual property rights and other legal protections for the Feedback.

Termination and Cobalt Account Cancellation

We may, in our discretion and without liability to you, with or without cause, with or without prior notice and at any time: (a) terminate these Terms or your access to our Site and Services, and (b) deactivate or cancel your Cobalt Account. Upon termination we will promptly pay you any amounts we reasonably determine we owe you in our discretion, which we are legally obligated to pay you. In the event Cobalt terminates these Terms, or your access to our Site and Services or deactivates or cancels your Cobalt Account you will remain liable for all amounts due hereunder. Notwithstanding the foregoing, Cobalt shall not cancel a Program Owner Account if there is an active Order in effect unless such termination is for cause. Unless otherwise specified in the Order, “cause” shall mean a material breach by Program Owner of these Terms or an Order and the failure to cure such breach within 30 days following Program Owner’s receipt of notice (email is sufficient) of such breach. In addition, without cancelling the Cobalt Account, Cobalt may, in its sole discretion, temporarily suspend Program Owner’s Cobalt Account if there is a threat to security or of imminent harm. You may cancel your Cobalt Account at any time via the "Cancel Account" feature of the Services or by sending an email to info@cobalt.io provided that any such cancellation by a Program Owner shall not affect any obligations of Program Owner under an active Order including any payment obligations unless otherwise expressly agreed by the parties in the Order. Please note that if your Cobalt Account is cancelled, we do not have an obligation to delete or return to you any Content you have posted to the Site and Services, including, but not limited to, any reviews or Feedback unless explicitly agreed in an Order.

Member Content Responsibilities and Warranties

You acknowledge and agree that you are solely responsible for all Member Content that you make available through the Site and Services. Accordingly, you represent and warrant that: (i) you either are the sole and exclusive owner of all Member Content that you make available through the Site and Services or you have all necessary legal rights, licenses, consents and releases to grant to Cobalt and other Members the rights in such Member Content, as contemplated under these Terms; and (ii) neither the Member Content nor your posting, uploading, publication, sublicensing, submission or transmittal of the Member Content or Cobalt’s or other Members’ use of the Member Content (or any portion thereof) on, through or by means of the Site and the Services will infringe, misappropriate or violate any third party patent, copyright, trademark, trade secret, moral rights or other proprietary or intellectual property rights, or rights of publicity or privacy, or result in the violation of any Applicable Law.

Cobalt Limited Warranty

Cobalt represents and warrants that (i) it shall provide the Services and meet its obligations under an Order in a timely and professional manner and will provide a standard of care equal to, or superior to, care used by service providers similar to Cobalt on similar projects; and (ii) that the Cobalt Core Security Researchers have the general skills and expertise necessary to perform penetration testing. If the Program Owner notifies Cobalt of a breach of the limited Cobalt warranty as set forth in this provision within twenty (20) days of the performance of the task giving rise to the breach, as Program Owner’s sole and exclusive right and remedy and Cobalt’s sole and exclusive liability for breach of this limited warranty, Cobalt shall, at the Program Owner’s request and option, either extend the period of testing to perform additional testing or provide a re-test using a different Cobalt Core Security Researcher.

DISCLAIMERS

YOU ACKNOWLEDGE AND AGREE THAT EXCEPT FOR THE EXPRESS “COBALT LIMITED WARRANTY” SET FORTH IN THESE TERMS, THE SITE, SERVICES AND COLLECTIVE CONTENT ARE PROVIDED "AS IS", WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE FOREGOING, COBALT EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. COBALT MAKES NO WARRANTY THAT THE SITE, SERVICES, COLLECTIVE CONTENT, INCLUDING, BUT NOT LIMITED TO, THE SECURITY PROGRAMS OR ANY VULNERABILITY REPORTS WILL MEET YOUR REQUIREMENTS OR BE AVAILABLE ON AN UNINTERRUPTED, SECURE, OR ERROR-FREE BASIS. COBALT MAKES NO WARRANTY REGARDING THE QUALITY OF ANY SECURITY PROGRAMS AND VULNERABILITY REPORTS, THE SERVICES OR COLLECTIVE CONTENT OR THE ACCURACY, TIMELINESS, TRUTHFULNESS, COMPLETENESS OR RELIABILITY OF ANY SECURITY PROGRAMS, VULNERABILITY REPORTS OR OTHER COLLECTIVE CONTENT OBTAINED THROUGH THE SITE OR SERVICES.

NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM COBALT OR THROUGH THE SITE, SERVICES OR COLLECTIVE CONTENT, WILL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.

YOU ARE SOLELY RESPONSIBLE FOR ALL OF YOUR COMMUNICATIONS AND INTERACTIONS WITH OTHER USERS OF THE SITE OR SERVICES AND WITH OTHER PERSONS WITH WHOM YOU COMMUNICATE OR INTERACT AS A RESULT OF YOUR USE OF THE SITE OR SERVICES, INCLUDING, BUT NOT LIMITED TO, ANY SECURITY RESEARCHERS OR PROGRAM OWNERS. YOU UNDERSTAND THAT COBALT DOES NOT MAKE ANY ATTEMPT TO VERIFY THE STATEMENTS OF USERS OF THE SITE OR SERVICES OR TO VERIFY ANY SECURITY PROGRAMS OR VULNERABILITY REPORTS. YOU AGREE TO TAKE REASONABLE PRECAUTIONS IN ALL COMMUNICATIONS AND INTERACTIONS WITH OTHER USERS OF THE SITE OR SERVICES AND WITH OTHER PERSONS WITH WHOM YOU COMMUNICATE OR INTERACT AS A RESULT OF YOUR USE OF THE SITE OR SERVICES, INCLUDING, BUT NOT LIMITED TO, SECURITY RESEARCHERS AND PROGRAM OWNERS.

LIMITATION OF LIABILITY

YOU ACKNOWLEDGE AND AGREE THAT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER COBALT NOR ITS LICENSORS, SUPPLIERS, OR CONTRACTORS WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR LOSS OF GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE PRODUCTS OR SERVICES, OR FOR ANY DAMAGES FOR PERSONAL OR BODILY INJURY OR EMOTIONAL DISTRESS ARISING OUT OF OR IN CONNECTION WITH THE TERMS, THE USE OF OR INABILITY TO USE THE SITE, SERVICES OR COLLECTIVE CONTENT, FROM ANY COMMUNICATIONS OR INTERACTIONS WITH OTHER USERS OF THE SITE OR SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT COBALT HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE, EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL COBALT’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THE TERMS AND YOUR USE OF THE SITE AND SERVICES INCLUDING, BUT NOT LIMITED TO, FROM YOUR LISTING OF YOUR SECURITY PROGRAM OR VULNERABILITY REPORT VIA THE SITE AND SERVICES EXCEED THE TOTAL OF THE AMOUNTS YOU HAVE PAID AND/OR OWE IN RELATION TO A SPECIFIC SECURITY PROGRAM VIA THE SITE AND SERVICES AS A PROGRAM OWNER DURING THE TWELVE (12) MONTH SUBSCRIPTION PERIOD DURING WHICH THE EVENT GIVING RISE TO THE LIABILITY OCCURRED, OR IF YOU ARE A SECURITY RESEARCHER, THE AMOUNTS PAID BY COBALT TO YOU IN THE TWELVE (12) MONTH PERIOD PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY, OR ONE HUNDRED DOLLARS ($100) IF NO SUCH PAYMENTS HAVE BEEN MADE OR ARE OWED, AS APPLICABLE. THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN COBALT AND YOU. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

YOU AS THE PROGRAM OWNER UNDERSTAND AND AGREE THAT THE NATURE OF PENETRATION TESTING MAY CAUSE HARM OR DISRUPTION TO APPLICATIONS AND/OR NETWORKS AND THAT NEITHER COBALT NOR THE SECURITY RESEARCHERS SHALL HAVE ANY LIABILITY OF ANY KIND ARISING OUT OF SUCH TESTING ACTIVITIES UNLESS THE SECURITY RESEARCHER HAS COMMITTED GROSS NEGLIGENCE OR COMMITTED WILLFUL MISCONDUCT IN THE PERFORMANCE OF SUCH TESTING.

Indemnification

In addition to any indemnification provided for in applicable Supplemental Terms, you agree to release, indemnify, and hold Cobalt and its affiliates and subsidiaries, and their officers, directors, employees and agents, harmless from and against any claims, liabilities, damages, losses, and expenses, including, without limitation, reasonable legal and accounting fees, arising out of or in any way connected with (i) your access to or use of the Site, Services, or Collective Content in violation of these Terms; (ii) your Member Content; (iii) your breach, default or violation of your representations, warranties and/or obligations under the Terms; (iv) your improper or unlawful interaction with any other Members; and (v) your violation of Applicable Law (collectively the “Indemnified Claims”). You hereby agree to defend Cobalt, at your expense, from and against any and all claims, actions, suits or proceedings brought by a third party arising out of or relating to the Indemnified Claims.

Reporting Misconduct

If you interact with anyone who you feel is acting or has acted inappropriately, including but not limited to, anyone who (i) engages in offensive, violent or sexually inappropriate behavior, (ii) you suspect of stealing from you, or (iii) engages in any other disturbing conduct, you should immediately report such person to the appropriate authorities and then to Cobalt by contacting us with your police station and report number at info@cobalt.io; provided that your report will not obligate us to take any action beyond that required by law (if any) or cause us to incur any liability to you.

Assigning and Subcontracting

You may not assign, transfer, delegate or subcontract these Terms or any of your rights or obligations under these Terms, in whole or in part, by sale of assets, merger, operation of law or otherwise, without Cobalt’s prior written consent. Any attempt by you to assign, transfer, delegate or subcontract these Terms or any of your rights or obligations under these Terms, without such consent, will be null and of no effect and in such event, Cobalt shall have the right to immediately terminate your rights under these Terms and seek any remedies available to it at law or in equity. Cobalt may assign or transfer these Terms, at its sole discretion, without restriction. Cobalt has the right to use subcontractors in connection with providing the Site and Services. Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.

Notices

Any notices or other communications permitted or required hereunder, including those regarding modifications to these Terms, will be in writing and given by Cobalt (i) via email (in each case to the address that you provide) or (ii) by posting to the Site. Notices to Cobalt shall be sent to info@cobalt.io. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.

Controlling Law and Jurisdiction

These Terms will be interpreted in accordance with the laws of the State of California and the United States of America, without regard to its conflict-of-law provisions. You and we agree to submit to the personal jurisdiction of a state court located in San Francisco County, San Francisco, California or a United States District Court, Northern District of California located in San Francisco, California for any actions for which the parties retain the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of a party’s copyrights, trademarks, trade secrets, patents, or other intellectual property rights, as set forth in the Dispute Resolution provision below.

Dispute Resolution

You and Cobalt agree that any dispute, claim or controversy arising out of or relating to these Terms or the breach, termination, enforcement, interpretation or validity thereof, or to the use of the Services or use of the Site (collectively, "Disputes") will be settled by binding arbitration, except that each party retains the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of a party’s copyrights, trademarks, trade secrets, patents, or other intellectual property rights. You acknowledge and agree that you and Cobalt are each waiving the right to a trial by jury or to participate as a plaintiff or class member in any purported class action or representative proceeding. Further, unless both you and Cobalt otherwise agree in writing, the arbitrator may not consolidate more than one person's claims, and may not otherwise preside over any form of any class or representative proceeding. If this specific paragraph is held unenforceable, then the entirety of this "Dispute Resolution" section will be deemed void. Except as provided in the preceding sentence, this "Dispute Resolution" section will survive any termination of these Terms.

Arbitration Rules and Governing Law. The arbitration will be administered by the American Arbitration Association ("AAA") in accordance with the Commercial Arbitration Rules and the Supplementary Procedures for Consumer Related Disputes (the "AAA Rules") then in effect, except as modified by this "Dispute Resolution" section. (The AAA Rules are available at http://www.adr.org/arb_med or by calling the AAA at 1-800-778-7879.) The Federal Arbitration Act will govern the interpretation and enforcement of this section.

Arbitration Process. A party who desires to initiate arbitration must provide the other party with a written Demand for Arbitration as specified in the AAA Rules. (The AAA provides a form Demand for Arbitration at http://www.adr.org/aaa/ShowPDF?doc=ADRSTG_004175 and a separate form for California residents at http://adr.org/aaa/ShowPDF?doc=ADRSTG_004314.) The arbitrator will be either a retired judge or an attorney licensed to practice law in the state of California and will be selected by the parties from the AAA’s roster of consumer dispute arbitrators. If the parties are unable to agree upon an arbitrator within seven (7) days of delivery of the Demand for Arbitration, then the AAA will appoint the arbitrator in accordance with the AAA Rules.

Arbitration Location and Procedure. Unless you and Cobalt otherwise agree, the arbitration will be conducted in the county where you reside. If your claim does not exceed $10,000, then the arbitration will be conducted solely on the basis of documents you and Cobalt submit to the arbitrator, unless you request a hearing or the arbitrator determines that a hearing is necessary. If your claim exceeds $10,000, your right to a hearing will be determined by the AAA Rules. Subject to the AAA Rules, the arbitrator will have the discretion to direct a reasonable exchange of information by the parties, consistent with the expedited nature of the arbitration.

Arbitrator’s Decision. The arbitrator will render an award within the time frame specified in the AAA Rules. The arbitrator’s decision will include the essential findings and conclusions upon which the arbitrator based the award. Judgment on the arbitration award may be entered in any court having jurisdiction thereof. The arbitrator’s award of damages must be consistent with the terms of the "Limitation of Liability" section above as to the types and the amounts of damages for which a party may be held liable. The arbitrator may award declaratory or injunctive relief only in favor of the claimant and only to the extent necessary to provide relief warranted by the claimant’s individual claim. If you prevail in arbitration you will be entitled to an award of attorneys’ fees and expenses, to the extent provided under Applicable Law. Cobalt will not seek, and hereby waives all rights it may have under Applicable Law to recover, attorneys’ fees and expenses if it prevails in arbitration.

Fees. Your responsibility to pay any AAA filing, administrative and arbitrator fees will be solely as set forth in the AAA Rules. However, if your claim for damages does not exceed $75,000, Cobalt will pay all such fees unless the arbitrator finds that either the substance of your claim or the relief sought in your Demand for Arbitration was frivolous or was brought for an improper purpose (as measured by the standards set forth in Federal Rule of Civil Procedure 11(b)).

Changes. Notwithstanding the provisions of the "Modification" section above, if Cobalt changes this "Dispute Resolution" section after the date you first accepted these Terms (or accepted any subsequent changes to these Terms), you may reject any such change by sending us written notice (including by email to info@cobalt.io) within 30 days of the date such change became effective, as indicated in the "Last Updated Date" above or in the date of Cobalt’s email to you notifying you of such change. By rejecting any change, you are agreeing that you will arbitrate any Dispute between you and Cobalt in accordance with the provisions of this "Dispute Resolution" section as of the date you first accepted these Terms (or accepted any subsequent changes to these Terms).

MISCELLANEOUS

The failure of Cobalt to enforce any right or provision of these Terms will not constitute a waiver of future enforcement of that right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of Cobalt. Except as expressly set forth in these Terms, the exercise by either party of any of its remedies under these Terms will be without prejudice to its other remedies under these Terms or otherwise. If for any reason an arbitrator or a court of competent jurisdiction finds any provision of these Terms invalid or unenforceable, that provision will be enforced to the maximum extent permissible and the other provisions of these Terms will remain in full force and effect.