Re: Tenable License Agreement

[Chris Green <cmgreen () UAB EDU>]

Valdis Kletnieks wrote:
> On Wed, 17 Sep 2008 14:43:00 CDT, Chris Green said:
>
> > That's language our Legal department won't accept under any circumstances.
>
> Did your Legal people explain *why* they won't accept it, and/or give possible
> alternate wordage they would find acceptable?

Tenable is trying to hold fast on not negotiating.  I'm just seeing if
anyone else had this same issue.

 I *think* what it's saying is
> that if you use Nessus against (for example) a computer that happens to be
> embedded in medical equipment, and the Nessus scan crashes the NT4 SP2 system
> inside it and somebody dies, you can't sue Tenable.

Yup, I understand the argument all too well on both sides. We are
prevented from providing legal protection for 3rd parties.

> I'd be surprised if *most* EULAs and software licenses that your site has
> either negotiated or click-through'ed don't have similar language - they usually
> disavow all liability they legally can.

There are 3 people here that are authorized to sign documents.
Click-Throughs are a whole ball of wax that are viewed as an individual
contract and not the institution agreeing to it because the clicker
isn't an authorized person to make agreements on behalf of the University.

> What's in the Tenable agreement that
> isn't in a Microsoft or Oracle or <fill in the blank> license, that gives your
> legal people the willies?


Providing indemnity.  They have alternative language that says tries to
boil down to "our staff problemns are our problems

Liability.   University and Contractor shall each be responsible for any
and all liability resulting from the acts and/or omissions of their
respective employees, officers, directors, agents and contractors.
Neither party shall be liable for any liability resulting from the acts
and/or omissions of the other party’s employees, officers, directors,
agents and contractors.  University is not authorized to and does not
indemnify, hold harmless, and cannot defend Contractor or any third
party for any liability that may result from activities under this
Agreement.



Limitations.  The Parties are aware that there are constitutional and
statutory limitations on the authority of University (a state agency) to
enter into certain terms and conditions of the Agreement, including, but
not limited to, those terms and conditions relating to liens on
University’s property; disclaimers and limitations of liability for
damages; waivers, disclaimers and limitations of legal rights, remedies,
requirements and processes; limitations of periods to bring legal
action; granting control of litigation or settlement to another party;
liability for acts or omissions of third parties; payment of attorneys’
fees; dispute resolution; indemnities; and confidentiality
(collectively, the “Limitations”), and terms and conditions related to
the Limitations will not be binding on University except to the extent
authorized by the laws and Constitution of the State of alabama.