Educause Security Discussion mailing list archives
Re: Tenable License Agreement
From: Chris Green <cmgreen () UAB EDU>
Date: Fri, 19 Sep 2008 10:23:57 -0500
Valdis Kletnieks wrote:
On Wed, 17 Sep 2008 14:43:00 CDT, Chris Green said:That's language our Legal department won't accept under any circumstances.Did your Legal people explain *why* they won't accept it, and/or give possible alternate wordage they would find acceptable?
Tenable is trying to hold fast on not negotiating. I'm just seeing if anyone else had this same issue. I *think* what it's saying is
that if you use Nessus against (for example) a computer that happens to be embedded in medical equipment, and the Nessus scan crashes the NT4 SP2 system inside it and somebody dies, you can't sue Tenable.
Yup, I understand the argument all too well on both sides. We are prevented from providing legal protection for 3rd parties.
I'd be surprised if *most* EULAs and software licenses that your site has either negotiated or click-through'ed don't have similar language - they usually disavow all liability they legally can.
There are 3 people here that are authorized to sign documents. Click-Throughs are a whole ball of wax that are viewed as an individual contract and not the institution agreeing to it because the clicker isn't an authorized person to make agreements on behalf of the University.
What's in the Tenable agreement that isn't in a Microsoft or Oracle or <fill in the blank> license, that gives your legal people the willies?
Providing indemnity. They have alternative language that says tries to boil down to "our staff problemns are our problems Liability. University and Contractor shall each be responsible for any and all liability resulting from the acts and/or omissions of their respective employees, officers, directors, agents and contractors. Neither party shall be liable for any liability resulting from the acts and/or omissions of the other party’s employees, officers, directors, agents and contractors. University is not authorized to and does not indemnify, hold harmless, and cannot defend Contractor or any third party for any liability that may result from activities under this Agreement. Limitations. The Parties are aware that there are constitutional and statutory limitations on the authority of University (a state agency) to enter into certain terms and conditions of the Agreement, including, but not limited to, those terms and conditions relating to liens on University’s property; disclaimers and limitations of liability for damages; waivers, disclaimers and limitations of legal rights, remedies, requirements and processes; limitations of periods to bring legal action; granting control of litigation or settlement to another party; liability for acts or omissions of third parties; payment of attorneys’ fees; dispute resolution; indemnities; and confidentiality (collectively, the “Limitations”), and terms and conditions related to the Limitations will not be binding on University except to the extent authorized by the laws and Constitution of the State of alabama.
Current thread:
- Tenable License Agreement Chris Green (Sep 17)
- <Possible follow-ups>
- Re: Tenable License Agreement Valdis Kletnieks (Sep 17)
- Re: Tenable License Agreement Marty Hoag (Sep 17)
- Re: Tenable License Agreement Bradley, Stephen W. Mr. (Sep 17)
- Re: Tenable License Agreement Charlie Prothero (Sep 18)
- Re: Tenable License Agreement Chris Green (Sep 19)
- Re: Tenable License Agreement John Ladwig (Sep 19)