Educause Security Discussion mailing list archives

Re: Tenable License Agreement


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Fri, 19 Sep 2008 16:29:17 -0500

I'm not up on the specifics of Minnesota law, but as a state agency, we run afoul of indemnification clauses pretty 
regularly. Like North Dakota, our state law does not permit a state agency (or employee) to indemnify another party 
in the manner of contract language similar to Tenable's.

I'm surprised Tenable hasn't run into this often enough to have found acceptable alternate language.

   -jml

Marty Hoag <marty.hoag () NDSU EDU> 2008-09-17 16:10 >>>
Actually, in our state I think it is still a crime for
me or anyone else as a public employee to sign such an
agreement and we can get fined if we do (I seem to remember
$10,000 but I haven't looked for a long time). I suspect
those at other public institutions may run into similar
restrictions. You can probably tell I'm not a lawyer...

    Sometimes a phrase such as "to the extent provided
by law" is helpful if the vendor is willing to add that.
Of course then you get into the issue of which state's
laws govern the agreement, etc.

    We look closely for the word "indemnify" in all our
agreements. But I agree that shrink wrap or click through
EULAs can be another can of worms altogether.

Marty
NDSU

Valdis Kletnieks wrote:
On Wed, 17 Sep 2008 14:43:00 CDT, Chris Green said:

That's language our Legal department won't accept under any circumstances.

Did your Legal people explain *why* they won't accept it, and/or give possible
alternate wordage they would find acceptable?  I *think* what it's saying is
that if you use Nessus against (for example) a computer that happens to be
embedded in medical equipment, and the Nessus scan crashes the NT4 SP2 system
inside it and somebody dies, you can't sue Tenable.

I'd be surprised if *most* EULAs and software licenses that your site has
either negotiated or click-through'ed don't have similar language - they usually
disavow all liability they legally can.  What's in the Tenable agreement that
isn't in a Microsoft or Oracle or <fill in the blank> license, that gives your
legal people the willies?

