
Mayhem Heroes Terms

Last Modified: April 5, 2022

These Terms and Conditions (“Terms”) cover your participation in the ForAllSecure Mayhem Heroes Program (the “Program”). These Terms are between you and ForAllSecure, Inc. (“ForAllSecure,” “us,” or “we”). These Terms consist of the Program Overview, the Program Terms and Conditions, and any additional agreements incorporated by reference. 

You must accept these Terms to receive payment under the Program, and your submission of a request for payment under these Terms will be deemed acceptance of these Terms.

Program Overview

1. Program Description

The Program encourages the integration of ForAllSecure’s products and services, including Mayhem for API and Mayhem for Code (the “Cloud Services”), to make open source software more secure by offering a chance to earn rewards (“Rewards”) as set forth in these Terms. 

2. Qualified Integrations

You have a chance to earn Rewards if you integrate the Cloud Services (an “Integration”) into a public repository on github.com that (i) contains open source software subject to license(s) that permit an Integration and (ii) is listed on https://github.com/mayhemheros (a “Qualified Repository”). We reserve the right to update the listing of Qualified Repositories at any time and in our sole discretion. Use of the Cloud Services to analyze software in any non-public repositories is prohibited under these Terms, even if such non-public repositories contain open source software. 

3. Rewards

ForAllSecure may pay Rewards for an Integration into a Qualified Repository as follows:

  • Up to $750 per Qualified Repository upon initial acceptance; and
  • Up to an additional $250 per Qualified Repository if the Integration continues to function for at least 30 days.

Final Rewards will be determined by ForAllSecure in its sole discretion, and ForAllSecure will only pay Rewards to users who comply with these Terms and meet the “Eligibility Requirements” set forth below.

ForAllSecure will only pay Rewards for the first eligible Integration into a Qualified Repository and requires that the Integration be hosted in the https://github.com/mayhemheroes namespace prior to payment. Rewards are limited to one award per Qualified Repository, and Rewards amounts may change with time. Past amounts do not necessarily guarantee the same amount in the future.

You are solely responsible for all federal, state, and local taxes related to any Rewards payments. In addition, you acknowledge that, in exchange for any Rewards payment, you are agreeing that the Integration was a “work made for hire” and are otherwise assigning intellectual property rights to ForAllSecure as described under “Intellectual Property” below.

4. Eligibility Requirements

Requests for Rewards payments must be submitted through https://forallsecure.com/mayhem-heroes-bounty and by submitting a request for a Rewards payment, you are certifying that you:

  1. are at least 18 years of age;
  2. are a resident of the United States, with the right to work in the United States;
  3. did not and will not access any personal information that is not your own during the integration;
  4. did not and will not violate any applicable law or regulation, including laws prohibiting unauthorized access to information; 
  5. complied with all applicable licenses related to both the Cloud Services and the Qualified Repository to implement the integration; and
  6. are requesting Rewards in your individual capacity or, if you are employed by a company or other entity and are requesting on behalf of your employer, you have your employer’s written approval to do so.

ForAllSecure reserves the right to withhold payments if it believes you cannot make the above certifications or if you fail to provide information that ForAllSecure may reasonably request to verify eligibility and process payments, which may include your address and tax identification number.

5. Additional Terms and Restrictions.

Your use of the Cloud Services to participate in the Program is governed by the ForAllSecure License Agreement for Free Services available at https://mayhem.forallsecure.com/-/tos-mcode-free, or the applicable ForAllSecure License Agreement that governs your use of either Mayhem for API or Mayhem for Code (in each case, the “Cloud Service Terms”), which are incorporated by reference into these Terms. In the event of a conflict between these Terms and the Cloud Service Terms, these Terms shall control for your use of the Cloud Services in connection with the Program only. ForAllSecure may change or cancel this Program at any time, for any reason.

In addition, you shall not use the Cloud Services, or any portion thereof:

  1. for the benefit of any third party or in any manner not permitted by these Terms; 
  2. to infringe, misappropriate, or violate a third party’s intellectual property rights, or rights of publicity or privacy; 
  3. to exploit a vulnerability except as permitted by these Terms; 
  4. to obtain bounties under any separate bug bounty or similar program;
  5. to disclose results of the Integration to a third party (see “Responsible Disclosure” below);
  6. to extort or otherwise attempt to obtain money or services by coercion; or
  7. to violate any applicable law or regulation.

6. Responsible Disclosure

ForAllSecure is committed to the practice of responsible disclosure, which involves privately notifying affected repository maintainers and software providers of vulnerabilities. This provides the impacted parties a chance to patch the vulnerability before the details are public, which ensures that end users of the affected software are not put at undue risk. If your Integration reveals vulnerabilities in the code in the Qualified Repository and you accept payment for that Integration under these Terms, you acknowledge that ForAllSecure will control if and how those vulnerabilities are disclosed to others.

ForAllSecure generally adheres to a 90-day embargo period pursuant to which we notify the repository owner promptly after the discovery of any vulnerabilities, with details shared to the public after 90 days, or sooner if a fix is released. While we are committed to treating all impacted parties fairly, ForAllSecure reserves the right to bring deadlines forwards or backwards depending on the circumstances. 

Program Terms and Conditions

1. Representations and Warranties.

You hereby represent and warrant to ForAllSecure that: (a) you have the right to enter into these Terms, to grant the rights granted herein, and to perform fully all of your obligations in these Terms; (b) you meet the Program eligibility requirements; (c) your entering into these Terms with ForAllSecure does not and will not conflict with or result in any breach or default under any other agreement to which you are subject; and (d) you shall participate in the Program in compliance with all applicable federal, state, and local laws and regulations.  

2. Independent Contractor.

You are an independent contractor of ForAllSecure, and these Terms shall not be construed to create any association, partnership, joint venture, employment, or agency relationship between you and ForAllSecure for any purpose. You have no authority (and shall not hold yourself out as having authority) to bind ForAllSecure and you shall not make any agreements or representations on ForAllSecure’s behalf without ForAllSecure’s prior written consent. You will not be eligible to participate in any vacation, group medical or life insurance, disability, profit sharing or retirement benefits, or any other fringe benefits or benefit plans offered by ForAllSecure to its employees, and ForAllSecure will not be responsible for withholding or paying any income, payroll, Social Security, or other federal, state, or local taxes, making any insurance contributions, including for unemployment or disability, or obtaining workers’ compensation insurance on your behalf. 

3. Intellectual Property. 
  1. All information, including reports, data, assessments, analyses, compilations, or vulnerabilities, collected by, derived from, created by, or returned by your use of the Cloud Services in connection with this Program (“Program Data”), and all patents, copyrights, trademarks, trade-secrets, know-how, and other confidential or proprietary information, and other intellectual property rights (“Intellectual Property Rights”) therein, shall be owned exclusively by ForAllSecure. You acknowledge and agree that any and all Program Data that may qualify as “work made for hire” for ForAllSecure and all copyrights therein shall automatically and immediately vest in ForAllSecure. To the extent that the Integration or any other use of the Cloud Services in connection with this Program does not constitute “work made for hire,” you hereby irrevocably assign to ForAllSecure and its successors and assigns, for no additional consideration, your entire right, title, and interest in and to such Program Data and all Intellectual Property Rights therein, including the right to sue, counterclaim, and recover for all past, present, and future infringement, misappropriation, or dilution thereof. 
  2. Upon the request of ForAllSecure, you shall promptly take such further actions, including execution and delivery of all appropriate instruments of conveyance, and provide further such cooperation, as may be necessary to assist ForAllSecure to apply for, prosecute, register, maintain, perfect, record, or enforce its rights in any Program Data and all Intellectual Property Rights therein. In the event ForAllSecure is unable, after reasonable effort, to obtain your signature on any such documents, you hereby irrevocably designate and appoint ForAllSecure as your agent and attorney-in-fact, to act for and on your behalf solely to execute and file any such application or other document and do all other lawfully permitted acts to further the prosecution and issuance of patents, copyrights, or other intellectual property protection related to the Program Data with the same legal force and effect as if you had executed them. You agree that this power of attorney is coupled with an interest.
  3. ForAllSecure hereby grants to you a revocable, non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to use the Cloud Services and access and view the content that ForAllSecure makes available on the Cloud Services solely in connection with your use of the Cloud Services in accordance with these Terms. ForAllSecure may change or discontinue all or any part of the Program or the Cloud Services, including your access to it, at ForAllSecure’s discretion.

4. Confidentiality. 
  1. You acknowledge that you will have access to information that is treated as confidential and proprietary by ForAllSecure including the Cloud Services, technology and technical information, security reports, vulnerabilities, Program Data, and other confidential information in each case whether orally or in written, electronic, or other form or media/in written or electronic form or media, and whether or not marked, designated, or otherwise identified as “confidential” at the time of disclosure (collectively, the “Confidential Information”). Any Confidential Information that you access or develop in connection with the Program, including but not limited to any Program Data, shall be subject to the terms and conditions of this clause. You agree to treat all Confidential Information as strictly confidential, not to disclose Confidential Information or permit it to be disclosed, in whole or part, to any third party without the prior written consent of ForAllSecure in each instance, and not to use any Confidential Information for any purpose except as expressly authorized by these Terms. You shall notify ForAllSecure immediately in the event you become aware of any loss or disclosure of any Confidential Information. 
  2. Confidential Information shall not include information that: (a) is or becomes generally available to the public other than through your breach of these Terms; (b) is rightfully obtained by you from a third party that had no confidential obligations with respect to such information; or (c) is independently developed by you outside this Program without breach of any obligation owed to ForAllSecure. 

5. Limitation of Liability.

TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL (I) FORALLSECURE BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE, OR THE COST OF SUBSTITUTE SERVICES ARISING OUT OF OR IN CONNECTION WITH THESE TERMS, THE PROGRAM, OR FROM THE USE OF OR INABILITY TO USE THE CLOUD SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT FORALLSECURE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE; AND (II) FORALLSECURE’S TOTAL LIABILITY TO YOU ARISING OUT OF OR IN CONNECTION WITH THESE TERMS, THE PROGRAM, OR FROM THE USE OF OR INABILITY TO USE THE CLOUD SERVICES EXCEED ONE HUNDRED DOLLARS ($100).

6. Indemnification.

You shall indemnify, defend, and hold harmless ForAllSecure and its affiliates and their officers, directors, employees, agents, successors, and assigns from and against all losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, penalties, fines, costs or expenses of whatever kind (including reasonable attorneys’ fees) arising out of or resulting from: (a) your breach of any representation, warranty, or obligation under these Terms; and (b) your unauthorized use of the Cloud Services. 

7. Modifications.

You acknowledge and agree that we have the right, in our sole discretion, to modify these Terms from time to time, and that modified terms become effective on posting. Your continued participation in the Program after the effective date of the modifications will be deemed acceptance of the modified terms.

8. Governing Law and Jurisdiction.

These Terms are governed by and construed in accordance with the internal laws of the State of Pennsylvania without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Pennsylvania. Any legal suit, action, or proceeding arising out of or related to these Terms or the rights granted hereunder will be instituted in the federal courts of the United States or the courts of the State of Pennsylvania in each case located in the city of Pittsburgh and County of Allegheny, and each party irrevocably submits to the jurisdiction of such courts in any such suit, action, or proceeding. 


9. Miscellaneous.

These Terms constitute the entire agreement and understanding between the parties hereto with respect to the subject matter hereof and supersede all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, with respect to such subject matter. Any notices to us must be sent to our corporate headquarters address available at https://forallsecure.com/about-us and must be delivered either in person, by certified or registered mail, return receipt requested and postage prepaid, or by recognized overnight courier service, and are deemed given upon receipt by us. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that such communications be in writing. The invalidity, illegality, or unenforceability of any provision herein does not affect any other provision herein or the validity, legality, or enforceability of such provision in any other jurisdiction. Any failure to act by us with respect to a breach of these Terms by you or others does not constitute a waiver and will not limit our rights with respect to such breach or any subsequent breaches. These Terms are personal to you and may not be assigned or transferred for any reason whatsoever without our prior written consent and any action or conduct in violation of the foregoing will be void and without effect. We expressly reserve the right to assign these Terms and to delegate any of our obligations hereunder. There are no third-party beneficiaries to these Terms.

[END OF TERMS AND CONDITIONS]