Current Offerings
WhiteHat Auto API Standard Edition ("Auto API"): Customer acknowledges the following: (i) it must configure the Auto API service to enable such service to run effectively and provide meaningful results, either manually, via the upload of supported API Documentation (as defined below), or by a combination of both methods; (ii) the Auto API service may be configured by Customer to enable certain unsafe HTTP request methods (per Hypertext Transfer Protocol - HTTP/1.1 RFC 2616) that could have an adverse impact on Customer's systems, and that in the event Customer enables such methods, it assumes all associated risks; and (iii) certain types of API Documentation and certain API architectures may not be fully supported by the Auto API service. Notwithstanding any existing definitions Customer may have agreed to previously under a master services agreement between Customer and Black Duck, for the purposes of this Quote or Service Order, the following definitions shall apply: (1) "API" means a web service that is accessible via a single hostname and port by using hypertext transfer protocol (HTTP/1.1) and returns a valid HTTP/1.1 response. A single API may include no more than 200 Operations. (2) "API Documentation" refers to a description of the API and its functionality, in a standardized, supported format. (3) "Operation" means a discrete function accessed via a combination of its API's base URL, the Operation's path, the HTTP Method, and a request payload.
BE / PE / SE Unlimited: Customer acknowledges and agrees that (a) Customer is required to provide to Black Duck in writing the hostnames representing the Web Application(s) to be tested by the Services, and (b) Customer may not change the hostnames that represent a given Web Application during the Term without purchasing an additional Services subscription in connection with such change.
Computer Based Training: Use of the Computer Based Training purchased under this Quote or Service Order is subject to the terms and conditions found here: https://www.whitehatsec.com/terms-conditions/computer-based-training/ ("CBT Terms"). In the event of a conflict between the terms of the Agreement (including this Service Order or Quote) and the CBT Terms, the terms of the Agreement will prevail, to the extent of any conflict.
NowSecure Platform: Customer acknowledges and agrees that its use of the Services purchased under this Quote or Service Order is subject to the terms set forth here: https://www.nowsecure.com/terms-and-conditions/ (the "NowSecure Terms"). In the event of a conflict between the terms of the Agreement (including this Quote or Service Order) and the NowSecure Terms, the terms of the Agreement will prevail, to the extent of any such conflict.
Sentinel Baseline Edition: Customer acknowledges and agrees that (a) Customer is required to provide to Black Duck in writing the hostnames representing the Web Application(s) to be tested by the Services, and (b) Customer may not change the hostnames that represent a given Web Application during the Term without purchasing an additional Services subscription in connection with such change.
Sentinel Mobile Standard Edition: For WhiteHat Sentinel Mobile Standard Edition, Customer must provide the binary code of a Mobile Application that is signed, for development and testing purposes, by the application developer.
Sentinel Premium Edition: Customer acknowledges and agrees that (a) Customer is required to provide to Black Duck in writing the hostnames representing the Web Application(s) to be tested by the Services, and (b) Customer may not change the hostnames that represent a given Web Application during the Term without purchasing an additional Services subscription in connection with such change.
Sentinel Standard Edition: Customer acknowledges and agrees that (a) Customer is required to provide to Black Duck in writing the hostnames representing the Web Application(s) to be tested by the Services, and (b) Customer may not change the hostnames that represent a given Web Application during the Term without purchasing an additional Services subscription in connection with such change.
Sentinel SCA Essentials Edition (100,000 Lines of Code): The total Lines of Code purchased by Customer under this Quote or Service Order for the Sentinel SCA Essentials Edition (LOC) service may be used with any number of Customer Source Applications but may not be combined with any other WhiteHat Sentinel Source service. For the purposes of this Quote or Service Order: (i) “Environment” means the environment (for example, development, staging or production) in which a particular Application is housed when scanned by the Services, (ii) “Lines of Code” means the lines of Customer’s source code or binary code containing any characters (excluding comments and white spaces), as measured by Black Duck based on the average of up to the last twenty (20) scans of such Source Application by the Services and (iii) “Source Application” means the smallest single unit of source code or binary code in a single Environment that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans.
WhiteHat Sentinel SCA - Essentials Edition (Up to Large App): Sentinel Software Composition Analysis: At any time during the Term, if Customer is using the Services to perform scans on a Source Application that exceeds the maximum allowable Uncompressed File Size and the number of Lines of Code (both as measured by Black Duck), as applicable, purchased by Customer under this Quote or Service Order (or from an authorized Black Duck reseller or distributor) for such Source Application, Black Duck has the right to invoice Customer directly (or cause its authorized reseller or distributor to invoice Customer) for the Fees applicable to the actual Uncompressed File Size or number of Lines of Code of such Source Application used by Customer. On such invoice, Customer will be charged the applicable incremental Fee for the licenses required to bring Customer into compliance with its actual usage for each Source Application, using the prices set forth on this Service Order or Quote (or as provided to Customer by Black Duck's authorized reseller or distributor), prorated over the remaining Term of the subscription for the Services. A Source Application in excess of 120MB in Uncompressed File Size and three million (3,000,000) Lines of Code will require the purchase by Customer of multiple licenses (subject to pricing as agreed upon in writing by the parties) to fully license such Source Application. 
For the purposes of this Quote or Service Order: (i) “Environment” means the environment (for example, development, staging or production) in which a particular Application is housed when scanned by the Services, (ii) “Lines of Code” means the lines of Customer’s source code or binary code containing any characters (excluding comments and white spaces), as measured by Black Duck based on the average of up to the last twenty (20) scans of such Source Application by the Services and (iii) “Source Application” means the smallest single unit of source code or binary code in a single Environment that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans.
Sentinel Source Essentials Edition (100,000 Lines of Code): The total Lines of Code purchased by Customer under this Quote or Service Order for the Sentinel Source Essentials Edition (LOC) service may be used with any number of Customer Source Applications but may not be combined with any other WhiteHat Sentinel Source service. For the purposes of this Quote or Service Order: (i) “Environment” means the environment (for example, development, staging or production) in which a particular Application is housed when scanned by the Services, (ii) “Lines of Code” means the lines of Customer’s source code or binary code containing any characters (excluding comments and white spaces), as measured by Black Duck based on the average of up to the last twenty (20) scans of such Source Application by the Services and (iii) “Source Application” means the smallest single unit of source code or binary code in a single Environment that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans.
Sentinel Source – (Extra Small App): At any time during the Term, if Customer is using the Services to perform scans on a Source Application that exceeds the maximum allowable Uncompressed Source File Size and the number of Lines of Code (both as measured by Black Duck), as applicable, purchased by Customer under this Quote or Service Order (or from an authorized Black Duck reseller or distributor) for such Source Application, Black Duck has the right to invoice Customer directly (or cause its authorized reseller or distributor to invoice Customer) for the Fees applicable to the actual Uncompressed Source File Size or number of Lines of Code of such Source Application used by Customer. On such invoice, Customer will be charged the applicable incremental Fee for the licenses required to bring Customer into compliance with its actual usage for each Source Application, using the prices set forth on this Service Order or Quote (or as provided to Customer by Black Duck's authorized reseller or distributor), prorated over the remaining Term of the subscription for the Services. A Source Application in excess of 200MB in Uncompressed Source File Size and five million (5,000,000) Lines of Code will require the purchase by Customer of multiple licenses (subject to pricing as agreed upon in writing by the parties) to fully license such Source Application. 
For the purposes of this Quote or Service Order: (i) “Environment” means the environment (for example, development, staging or production) in which a particular Application is housed when scanned by the Services, (ii) “Lines of Code” means the lines of Customer’s source code or binary code containing any characters (excluding comments and white spaces), as measured by Black Duck based on the average of up to the last twenty (20) scans of such Source Application by the Services and (iii) “Source Application” means the smallest single unit of source code or binary code in a single Environment that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans.
Sentinel Source – (Small App/Medium App/Large App): At any time during the Term, if Customer is using the Services to perform scans on a Source Application that exceeds the maximum allowable Uncompressed Source File Size and the number of Lines of Code (both as measured by Black Duck), as applicable, purchased by Customer under this Quote or Service Order (or from an authorized Black Duck reseller or distributor) for such Source Application, Black Duck has the right to invoice Customer directly (or cause its authorized reseller or distributor to invoice Customer) for the Fees applicable to the actual Uncompressed Source File Size or number of Lines of Code of such Source Application used by Customer. On such invoice, Customer will be charged the applicable incremental Fee for the licenses required to bring Customer into compliance with its actual usage for each Source Application, using the prices set forth on this Service Order or Quote (or as provided to Customer by Black Duck's authorized reseller or distributor), prorated over the remaining Term of the subscription for the Services. A Source Application in excess of 200MB in Uncompressed Source File Size and five million (5,000,000) Lines of Code will require the purchase by Customer of multiple licenses (subject to pricing as agreed upon in writing by the parties) to fully license such Source Application. 
For the purposes of this Quote or Service Order: (i) “Environment” means the environment (for example, development, staging or production) in which a particular Application is housed when scanned by the Services, (ii) “Lines of Code” means the lines of Customer’s source code or binary code containing any characters (excluding comments and white spaces), as measured by Black Duck based on the average of up to the last twenty (20) scans of such Source Application by the Services and (iii) “Source Application” means the smallest single unit of source code or binary code in a single Environment that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans.
Sentinel Source (Up to Large App): At any time during the Term, if Customer is using the Services to perform scans on a Source Application that exceeds the maximum allowable Uncompressed File Size and the number of Lines of Code (both as measured by Black Duck), as applicable, purchased by Customer under this Quote or Service Order (or from an authorized Black Duck reseller or distributor) for such Source Application, Black Duck has the right to invoice Customer directly (or cause its authorized reseller or distributor to invoice Customer) for the Fees applicable to the actual Uncompressed File Size or number of Lines of Code of such Source Application used by Customer. On such invoice, Customer will be charged the applicable incremental Fee for the licenses required to bring Customer into compliance with its actual usage for each Source Application, using the prices set forth on this Service Order or Quote (or as provided to Customer by Black Duck's authorized reseller or distributor), prorated over the remaining Term of the subscription for the Services. A Source Application in excess of 120MB in Uncompressed File Size and three million (3,000,000) Lines of Code will require the purchase by Customer of multiple licenses (subject to pricing as agreed upon in writing by the parties) to fully license such Source Application. 
For the purposes of this Quote or Service Order: (i) “Environment” means the environment (for example, development, staging or production) in which a particular Application is housed when scanned by the Services, (ii) “Lines of Code” means the lines of Customer’s source code or binary code containing any characters (excluding comments and white spaces), as measured by Black Duck based on the average of up to the last twenty (20) scans of such Source Application by the Services and (iii) “Source Application” means the smallest single unit of source code or binary code in a single Environment that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans.
Sentinel Source Standard Edition (100,000 Lines of Code): The total Lines of Code purchased by Customer under this Quote or Service Order for the WhiteHat Sentinel Source Standard Edition service may be used with any number of Customer Source Applications but may not be combined with any other WhiteHat Sentinel Source service. For the purposes of this Quote or Service Order: (i) “Environment” means the environment (for example, development, staging or production) in which a particular Application is housed when scanned by the Services, (ii) “Lines of Code” means the lines of Customer’s source code or binary code containing any characters (excluding comments and white spaces), as measured by Black Duck based on the average of up to the last twenty (20) scans of such Source Application by the Services and (iii) “Source Application” means the smallest single unit of source code or binary code in a single Environment that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans.
Sentinel Mobile Express: For WhiteHat Sentinel Mobile Express, Customer must provide the binary code of a Mobile Application that is signed, for development and testing purposes, by the application developer. If Customer requires more than three (3) automated scans of a specific Mobile Application during the Term, Customer will need to buy an additional subscription to WhiteHat Sentinel Mobile Express. WhiteHat Sentinel Mobile Express is an annual service; therefore, all three (3) automated scans must be scheduled and completed prior to the end of the applicable Term.
WhiteHat Customer Onboarding: Customer acknowledges and agrees that the WhiteHat Customer Onboarding service requires Customer to have an active subscription for at least one of Black Duck's DAST, SAST or Mobile services.
WhiteHat Sentinel Source Standard Edition Unlimited: Notwithstanding anything to the contrary agreed to by the Customer previously, the following definitions shall apply to the Services purchased under this Quote or Service Order. (1) "Environment" means the environment (for example, development, staging or production) in which a particular Application is housed when scanned by the Services. (2) "Lines of Code" means the lines of Customer's source code or binary code containing any characters (excluding comments and white spaces), as measured by Black Duck based on the average of up to the last twenty (20) scans of such Source Application by the Services. (3) "Source Application" means the smallest single unit of source code or binary code in a single Environment that can run independently on a server or mobile device, the code base of which does not change more than 20% between Service scans.
WhiteHat Sentinel Prod to Prod Swap ("Prod to Prod Swap"): During the Term, notwithstanding anything to the contrary in this Quote or Service Order or in the services agreement by and between Black Duck and Customer, Customer has the right to change the hostname that represents a single Web Application currently licensed under WhiteHat Sentinel Premium Edition ("Sentinel PE"), WhiteHat Sentinel Standard Edition or WhiteHat Sentinel Baseline Edition (collectively, the "DAST Service") for each unit of Prod to Prod Swap purchased by Customer. Customer and Black Duck acknowledge and agree that (a) the level of DAST Service for the new hostname must be the same as for the replaced hostname, (b) the hostname changes must be from one production site to another production site, (c) the Term applicable to the subscription for DAST Service purchased by Customer will remain unchanged, and (d) if the Customer is changing the hostname licensed under Sentinel PE and the annual business logic assessment ("BLA") for such subscription has been started or completed by Black Duck during the Term, then Black Duck will have no obligation to perform an additional BLA on the applicable new hostname until the beginning of the next annual period, unless Customer chooses to deploy a BLA Add-on license on such Web Application. Further, Customer and Black Duck acknowledge and agree that (i) all hostname changes pursuant to the above described rights must be requested and completed during the Term, (ii) changes to a hostname provided by Customer may be made through electronic mail or customer support tickets, (iii) once the change to the hostname for a Web Application has been made, all historical vulnerability data for such Web Application related to the replaced hostname will no longer be available to Customer and (iv) it is Customer's responsibility to download all associated data and/or Reports prior to replacing any such hostname.
WhiteHat Sentinel Points: (A) All Points are sold on an annual subscription basis and expire at the end of the applicable annual term, regardless of when their consumption begins. (B) No carryover of unconsumed points beyond the annual term. (C) The Customer must have enough Points available to consume a requested service. (D) During the Term of this Quote or Service Order, Customer has the right to exchange the Points for the Services as listed on this Quote or Service Order, over the remaining Term, based on the Point Value of each such Service. Customer will notify the Black Duck on-boarding team in writing (email is acceptable) of each request to exchange the Points for Services. Once Points have been exchanged for a particular type of Service, such Points may not be exchanged for any other type of Service. In the event Customer exchanges all of the purchased Points during the Term and wishes to deploy additional Services, Customer will be required to enter into a Quote or Service Order to purchase the applicable additional Points.
WhiteHat Sentinel Baseline Edition Additional Staging Add-On ("BE Staging Add-On"): During the Term, notwithstanding anything to the contrary in the master service agreement by and between the Customer and Black Duck, in the event the hostname for a Web Application under an active WhiteHat Sentinel Baseline Edition subscription changes as a result of a change to the Environment of such Web Application and the Web Application remains the same, Customer has the right to change the hostname applicable to such Web Application for each BE Staging Add-On license purchased by Customer. Customer and Black Duck acknowledge and agree that (i) all hostname changes pursuant to a BE Staging Add-On license must be made during the Term and (ii) changes to the hostnames provided by Customer may be made through electronic mail or customer support tickets. When Customer elects to replace the hostname for a Web Application, all historical vulnerability data for such Web Application related to the replaced hostnames will no longer be available to Customer, and it is Customer's responsibility to download all associated data and/or Reports prior to replacing any such host names.
WhiteHat Sentinel Business Logic Assessment Add-on ("BLA Add-On"): Customer acknowledges and agrees that (i) a BLA Add-On may be performed only on Web Applications that are under an active subscription for WhiteHat Sentinel Premium Edition or WhiteHat Sentinel Standard Edition and (ii) all BLA Add-Ons purchased under this Quote or Service Order must be scheduled by Customer for completion prior to the end of the applicable Term.
WhiteHat Sentinel Premium Edition Additional Staging Add-On ("PE Staging Add-On"): During the Term, notwithstanding anything to the contrary in the master service agreement by and between the Customer and Black Duck, in the event the hostname for a Web Application under an active WhiteHat Sentinel Premium Edition subscription changes as a result of a change to the Environment of such Web Application and the Web Application remains the same, for each PE Staging Add-On license purchased by Customer, (i) Customer has the right to change the hostname applicable to such Web Application and (ii) Black Duck will perform one (1) additional business logic assessment on such Web Application. Customer and Black Duck acknowledge and agree that (a) all hostname changes pursuant to a PE Staging Add-On license must be made during the Term and (b) changes to the hostnames provided by Customer may be made through electronic mail or customer support tickets. When Customer elects to replace the hostname for a Web Application, all historical vulnerability data for such Web Application related to the replaced hostnames will no longer be available to Customer, and it is Customer's responsibility to download all associated data and/or Reports prior to replacing any such host names.
WhiteHat Sentinel Standard Edition Additional Staging Add-On ("SE Staging Add-On"): During the Term, notwithstanding anything to the contrary in the master service agreement by and between the Customer and Black Duck, in the event the hostname for a Web Application under an active WhiteHat Sentinel Standard Edition subscription changes as a result of a change to the Environment of such Web Application and the Web Application remains the same, Customer has the right to change the host name applicable to such Web Application for each SE Staging Add-On license purchased by Customer. Customer and Black Duck acknowledge and agree that (i) all hostname changes pursuant to an SE Staging Add-On license must be made during the Term and (ii) changes to the hostnames provided by Customer may be made through electronic mail or customer support tickets. When Customer elects to replace the hostname for a Web Application, all historical vulnerability data for such Web Application related to the replaced hostnames will no longer be available to Customer, and it is Customer's responsibility to download all associated data and/or Reports prior to replacing any such host names.
WhiteHat Professional Services - DAST Attestation ("DAST Attestation"): Customer acknowledges and agrees that (i) the DAST Attestation service may be performed only for Web Applications that are under an active subscription for WhiteHat Sentinel Baseline Edition, WhiteHat Sentinel Standard Edition or WhiteHat Sentinel Premium Edition, (ii) all DAST Attestation services purchased under this Quote or Service Order must be requested and completed prior to the end of the applicable term and (iii) Customer is required to provide to Black Duck in writing the Hostname(s) representing the Web Application(s) applicable to the DAST Attestation service.
WhiteHat Program Management JumpStart ("PM JumpStart"): Customer acknowledges and agrees that the PM JumpStart service requires Customer to have an active subscription for at least one of Black Duck's DAST, SAST or Mobile services.
WhiteHat Professional Services - Program Management: Customer acknowledges and agrees that the Program Management service purchased under this Quote or Service Order (i) may be used to support only active subscriptions for Black Duck supplied services and (ii) is limited to the number of hours per week purchased by Customer over the applicable subscription period. At the end of each one-week period following the Effective Date, any unused hours for such week will be cancelled and no longer available for use by Customer. Customer is responsible for and shall pay all travel and expense costs incurred by Black Duck for delivery of the on-site portion of program management services.
WhiteHat API Manual Assessment: For the purposes of this Quote or Service Order, (a) "API" means a single web service that is accessed via a URL; and is described using the web services description language (WSDL) (limited to simple object access protocol (SOAP) or hypertext transfer protocol (HTTP)) or a representational state transfer (RESTful) API (limited to HTTP) and (b) "Operation" means a discrete function accessed via a combination of its API's base URL, the Operation's name, and a request payload. Customer acknowledges that (i) complete API documentation for all Operations, (ii) at least one sample of a successful request and response pair for each Operation and (iii) information required to access the API including URLs and credentials, must all be made available to Black Duck before Black Duck will begin performing these API security testing services. Customer further acknowledges that once Customer has provided documentation for an API's Operation(s) and Black Duck has scoped such documentation for the purposes of determining the pricing for the Services to be performed on such API, any change by Customer to the API or the applicable documentation will require Black Duck to rescope the project and may result in delays in the commencement of the Services and/or an increase in the applicable pricing for the Services.
Vantage Detect for Security Analysts ("Detect for Analysts"): During the Service Term, Customer has the right to use Detect for Analysts for the number of Targets purchased under this Quote or Service Order. For the purposes of Detect for Analysts, the term "Target" means a unique, publicly accessible production web application that can be configured as a testable target for the Vantage Detect service, regardless of protocol or port. For clarity, a subdomain or different root domain is considered a separate Target and would require the purchase of an additional license by Customer to scan.
Vantage Detect for Security Essentials ("Detect for Essentials"): During the Service Term, Customer has the right to use Detect for Essentials for the number of Targets purchased under this Quote or Service Order. For the purposes of Detect for Essentials, the term "Target" means a unique, publicly accessible production web application that can be configured as a testable target for the Vantage Detect service, regardless of protocol or port. For clarity, a subdomain or different root domain is considered a separate Target and would require the purchase of an additional license by Customer to scan.
Vantage Inspect for Developers ("Inspect for Developers"): During the Service Term, Customer has the right to use Inspect for Developers for the number of Users purchased under this Quote or Service Order. For the purposes of Inspect for Developers, (a) the term "User" means an individual user of Inspect for Developers and (b) the term "application" means the smallest single unit of source code or binary code in a single environment (for example, development, staging or production) that can run independently on a server or mobile device. Customer acknowledges and agrees that its use of Inspect for Developers is subject to the Terms of Use set forth here: https://www.shiftleft.io/privacy-security-terms/ (the "Inspect Terms"). In the event of a conflict between the terms of the Agreement (including this Quote or Service Order) and the Inspect Terms, the terms of the Agreement will prevail, to the extent of any such conflict.
Vantage Prevent for Developers ("Prevent for Developers"): During the Service Term, Customer has the right for the number of Users purchased under this Quote or Service Order to install and use Prevent for Developers on a single computing device (e.g. laptop or desktop) against web applications and APIs running locally on a laptop or desktop computing device. For clarity, a User may not install Prevent for Developers on any type of server. For the purposes of Prevent for Developers, (i) the term "User" means an individual user of Prevent for Developers and (ii) the term "API" means a web service that is accessible via a single hostname and port, by using hypertext transfer protocol (HTTP/1.1), and returns a valid HTTP/1.1 response.
Vantage Prevent for DevOps ("Prevent for DevOps"): During the Service Term, Customer has the right to use Prevent for DevOps for the number of Concurrent Scans purchased under this Quote or Service Order by any number of Users. For the purposes of Prevent for DevOps, (i) the term "Concurrent Scan" means a single scan using Prevent for DevOps that is running simultaneously with any other Prevent for DevOps scan, at any point in the scan process and (ii) the term "API" means a web service that is accessible via a single hostname and port, by using hypertext transfer protocol (HTTP/1.1), and returns a valid HTTP/1.1 response.
Vantage Prevent for Security Analysts ("Prevent for Analysts"): During the Service Term, Customer has the right for the number of Users purchased under this Quote or Service Order to install and use Prevent for Analysts on a single computing device (e.g. laptop or desktop) against web applications and APIs (a) running locally on a laptop or desktop computing device or (b) accessible remotely over a network. For clarity, a User may not install Prevent for Analysts on any type of server. For the purposes of Prevent for Analysts, (a) the term "User" means an individual user of Prevent for Analysts and (b) the term "API" means a web service that is accessible via a single hostname and port, by using hypertext transfer protocol (HTTP/1.1), and returns a valid HTTP/1.1 response.
Onsite Training Services: All Onsite Training purchased by Customer under this Service Order (i) is limited to a maximum of thirty (30) participants per session and (ii) must be completed within twelve (12) months of the Effective Date. Customer understands and acknowledges that (i) the knowledge, tools and skills that Customer attendees may learn from attending the Onsite Training and/or from the Training Materials may enable such attendee(s) to gain the ability to cause significant harm and destruction to computer systems, web sites and URLs; (ii) in most countries, attacking a computer system without the permission of the owner of such computer system is unlawful; (iii) it will be fully responsible for the acts or omissions of its employees, agents, contractors or other individuals as it relates to their use of the information provided in the Training and Training Materials, which includes, but is not limited to, attacking computer systems or web sites, or attempting to gain unauthorized access to computer systems or web sites, even if the objective is to cause no actual harm to the computer system or web site. Customer further acknowledges and agrees that (i) Customer vulnerability data Customer allows the instructor to view during onsite training may be highly sensitive and (ii) Black Duck shall have no liability for any disclosure, misuse or misappropriation of such vulnerability data by Customer. For any Onsite Training purchased by Customer on this Service Order, Customer is responsible for and shall pay all travel and expense costs incurred by Black Duck for the provisioning and delivery of the Onsite Training. Unless Customer provides at least twenty-one (21) days prior notice of its need to reschedule the Onsite Training date once scheduled, Customer shall be responsible for a rescheduling fee in the amount of five percent (5%) of the fees associated with Onsite Training in the table set forth above. 
Upon receipt of such notice, Black Duck shall use commercially reasonable efforts to cancel any travel related commitments. Customer, however, shall remain responsible for any non-refundable travel or expense related costs and for any penalties or restocking charges related thereto.