Last Updated: 2025/12/22
1. Scope of Services
S3CUR3 LLC (“S3CUR3,” “Company,” “we,” “us,” or “our”) provides external exposure assessments and related security consulting services (“Services”) intended to identify publicly observable risk conditions associated with systems and assets explicitly authorized by the client.
Unless expressly agreed in writing, Services are non-intrusive, externally scoped, informational in nature, and constitute point-in-time evaluations.
2. Authorization & Lawful Use
By engaging S3CUR3, you represent and warrant that you own, lease, or are otherwise legally authorized to assess all in-scope assets. You are responsible for obtaining internal approvals and ensuring scope accuracy.
Unauthorized scanning or testing of third-party systems is prohibited. We reserve the right to decline or terminate Services where authorization is unclear or insufficient.
3. Rules of Engagement (RoE)
Prior to any assessment, the client must execute a Rules of Engagement (RoE) document defining authorized assets, scope boundaries, testing window, and methodology limitations. The RoE governs the engagement and takes precedence over informal communications.
4. Service Limitations
Unless explicitly stated in a signed agreement, Services do not include:
- Exploitation or post-exploitation activities
- Credentialed or authenticated testing
- Internal network access or internal scanning
- Denial-of-service testing
- Social engineering, phishing, or physical testing
- Malware deployment or persistence
- Incident response or remediation services
- Continuous monitoring or managed security operations
5. No Guarantee / No Warranty
S3CUR3 does not guarantee the identification of all security issues, nor does it guarantee prevention of security incidents. Findings reflect conditions observed at the time of testing and may change due to system updates, configuration changes, external dependencies, or other factors.
Services are provided “as-is” and “as-available” to the maximum extent permitted by law.
6. Client Responsibilities
Clients are solely responsible for:
- Remediation of identified findings
- Implementation of security controls and configuration changes
- Ongoing system maintenance and monitoring
- Compliance with applicable laws and third-party requirements
S3CUR3 does not implement changes unless separately contracted in writing.
7. Third-Party Tools & Recommendations
We may reference or assist with configuration of third-party tools and services. Unless explicitly stated, S3CUR3 does not resell licenses, provide vendor support, or perform continuous monitoring. Clients remain responsible for vendor terms, licensing, and ongoing management of third-party tools.
8. Confidentiality
Assessment results, reports, and related materials are treated as confidential and disclosed only to the client, except where required by law. Clients are responsible for safeguarding delivered materials and controlling access.
9. Intellectual Property
Reports, methodologies, templates, and materials provided remain the intellectual property of S3CUR3 LLC unless otherwise agreed in writing. Clients are granted a non-exclusive license to use deliverables for internal purposes.
10. Limitation of Liability
To the maximum extent permitted by law, S3CUR3 shall not be liable for indirect, incidental, special, or consequential damages. Total liability shall not exceed the amount paid for the specific Service giving rise to the claim.
11. Indemnification
You agree to indemnify and hold harmless S3CUR3 LLC from claims arising from unauthorized scope, inaccurate authorization, misuse of reports, or violation of laws or third-party rights.
12. Changes to These Terms
We may update these Terms periodically. Continued use of the website or Services constitutes acceptance of the updated Terms.
13. Contact
Questions about these Terms can be sent to [email protected].