For a complete list of translations, please see the license origin repository located on the SPYDER organization page on GitHub here: SPYDER Open Security License (SOSL) 1.0.
-
"Artificial Intelligence System" (AI System): Any machine learning or artificial intelligence technology that generates code or contributions with minimal direct human input. "Minimal direct human input" refers to limited human involvement primarily for supervision or final approval. Contributions incorporating existing licensed material must comply with the original license terms. For the purposes of this license, "minimal" is defined as less than 10% of the total development effort. AI-generated contributions must be accompanied by a detailed disclosure and verification process as outlined by the Licensor.
-
"Contribution": Any original work of authorship, including modifications or additions to existing work, submitted to the Licensor for inclusion in the Work, by an individual, legal entity, or AI System. This includes any material that is novel or that adds value to the Work. Contributions must be substantive and must not include trivial changes.
-
"Enterprise": An organization with annual revenue exceeding $10 million USD in the previous fiscal year or more than 100 employees. Entities using complex structures to avoid this threshold, such as splitting into smaller entities, are included. The total revenue and employee count will be aggregated for related entities under common control.
-
"Security Fix": Any modification addressing a security vulnerability, designated as a Security Fix by the submitter and accepted by the Licensor following the specified acceptance criteria and process outlined by the Licensor. The criteria include a detailed description of the vulnerability, the impact assessment, and testing evidence that confirms the fix.
-
"Verified Contribution": A Contribution reviewed and confirmed by the contributor to behave as intended and comply with this License, particularly if generated by an AI System. This includes running tests and ensuring it does not violate any third-party rights. Verification must include comprehensive documentation of the testing process and results.
-
"Work": The collective software, content, and documentation covered by this License, including all Contributions made by various contributors.
-
"Utilization": The extent to which an Enterprise uses the Work, measured by factors such as the number of end-users, scale of deployment, or integration into products or services. Specific metrics will be provided by the Licensor as needed and must be reported accurately and periodically by the Enterprise.
-
"You" (or "Your"): An individual or legal entity exercising permissions granted by this License.
-
Redistribution and Use: You may reproduce, prepare derivative works, publicly display, distribute, and perform the Work and derivative works in source or object form. Attribution requirements must be met where applicable, following the guidelines provided by the Licensor. Attribution must include the original author(s), the name of the Work, and a link to the original repository. Distribution of derivative works in object form must be accompanied by the Corresponding Source code.
-
Patent Grant: Each Contributor grants You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable patent license to make, use, offer to sell, sell, import, and otherwise transfer the Work. Conflicts with other licenses or patents held by contributors must be resolved through the specified process by the Licensor, which includes mediation or arbitration.
-
Contribution of Security Fixes: If You make or become aware of a Security Fix, You must submit it to the Licensor following the specified process, which includes providing detailed documentation and code. The process must include a vulnerability report, steps to reproduce, and proof of the fix. AI-assisted submissions must be Verified Contributions.
-
AI-Generated Contributions: AI-generated Contributions must be disclosed and verified. You are responsible for their compliance and non-infringement of third-party rights. Verification must include documentation of the AI generation process and the steps taken to ensure compliance. Disputes over compliance and third-party rights infringement will be handled through a process specified by the Licensor, which includes independent review and arbitration. AI-generated contributions must be open-sourced under this License.
-
Funding or Copyleft Option for Enterprises:
If You are an Enterprise:
-
You may contribute financially to the maintenance and development of the Work, with amounts specified by the Licensor. The specific contribution amounts and payment details will be outlined by the Licensor, based on factors such as the Enterprise's size and level of utilization.
-
If opting out of financial contribution, you must release the entire application, if it includes the Work, under this License or a compatible open-source license with copyleft provisions. You must also provide all users access to the application's Corresponding Source under this License. "Corresponding Source" includes all source code necessary to build, maintain, and modify the application, including build scripts and installation instructions.
-
-
License Versioning and Upgrades: You agree to be bound by the current SOSL version as specified by the Licensor. You will be notified of new versions via the Licensor’s official communication channels, and the process for transitioning to new versions will be detailed by the Licensor. Transition to new versions must be completed within six months of notification.
-
Vulnerability Disclosure:
If You discover a Vulnerability in the Work:
-
Promptly notify the Licensor confidentially, following the process defined by the Licensor. The typical notification timeframe is within 14 days of discovery. Notifications must include a detailed report of the vulnerability.
-
Provide a reasonable timeframe, typically 90 days, for the Licensor to address the Vulnerability before public disclosure. Extensions to this timeframe must be agreed upon in writing.
-
Refrain from exploiting the Vulnerability in ways that could harm the Licensor, users, or the public.
-
-
Source Code and Patch Files: Source code must be provided in modifiable form. Distribution of the Work in modified form and patch files for build-time modifications is permitted. "Modifiable form" includes source code in a format that allows for editing and recompilation, such as plain text files or files that can be opened in standard development environments. It must also include any necessary documentation to understand and build the source code. Derivative works distributed in object form must include the Corresponding Source code.
-
Derived Works: Modifications and derived works must be allowed under the same terms as the original Work. Acknowledgment of the original Work must be included in derived works, clearly indicating the source of the original Work, and must follow the attribution requirements specified by the Licensor. All derived works must be licensed under this License.
-
Trademark Use: No permission is granted to use the Licensor's trade names, trademarks, service marks, or product names, except for describing the origin of the Work. Any other use requires explicit written permission from the Licensor. Descriptive use must be limited to factual statements about the origin and must not imply endorsement.
-
Dispute Resolution: Disputes will be resolved under the laws of the jurisdiction in which the owner of the original repository resides, and in accordance with the laws of that jurisdiction. An arbitration clause may be included to provide a faster resolution process, where arbitration will be conducted under the rules specified by the Licensor. Arbitration will take place in a neutral location agreed upon by both parties.
-
Termination: The License will terminate automatically upon any breach by You. Derived works from compliant entities will not have their licenses terminated. The process for addressing and remedying breaches before termination will be specified by the Licensor, providing a reasonable period (typically 30 days) to cure the breach. If the breach is not cured within this period, termination will proceed.
-
Warranty Disclaimer: The Work is provided "as is," without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and non-infringement. The Licensor and contributors make no guarantee of the Work's performance or suitability for any specific use. This disclaimer applies to the fullest extent permitted by applicable law.
-
Limitation of Liability: In no event shall the Licensor or contributors be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Work or the use or other dealings in the Work. This includes, but is not limited to, indirect, incidental, special, consequential, or punitive damages. Statutory exceptions to this limitation may apply.
-
Interpretation: Any ambiguities or unforeseen situations will be handled according to the general intent of the License. Specific interpretations may be issued by the Licensor, and these interpretations will be binding. In cases of dispute, a neutral third-party mediator may be appointed to resolve ambiguities.
-
Amendments: Changes to the License will be handled according to the process specified by the Licensor. Users will be notified of any amendments via the Licensor's official communication channels and provided with the rationale and implications. Users will have an opportunity to provide feedback or objections within a specified period (typically 60 days). Significant amendments require a majority approval from contributors.
Copyright (c) {{year}} by {{name}}.
This file is licensed under the Spyder Open Security License (SOSL) 1.0.
See the LICENSE.md file for details.