SOURCE CODE HANDLING ANNEX
1. Definitions: For the purposes of this annex, the following definitions shall apply:
“Authorized Personnel” means any Participant or its Affiliates’ employees who (i) have agreed to be bound by nondisclosure obligations and restrictions no less restrictive than those contained in this annex, and (ii) are permitted to receive any source code, and information related thereto, that Company or its Affiliates provides to Participant or its Affiliates under the terms of this annex and the agreement with which this annex is associated (“Company Source Code”).
“Included Open Source Software” means any third party software included in the Company Source Code that was subject to an Open Source License before Participant or its Affiliates received it from Company.
“Open Source License” means any license that requires as a condition of use, modification and/or distribution of software subject to that license, that, among other things, such software or other software combined and/or distributed with such software be (i) disclosed or distributed in source code form; (ii) licensed for the purpose of making derivative works; or (iii) redistributable at no charge.
2. List of Authorized Personnel: Participant must provide Company with a written list of all Authorized Personnel as of the Effective Date. Participant agrees to provide Company written requests to add new Authorized Personnel. Such additions shall not be allowed without Company’s prior written consent. Participant agrees to comply with Company’s requests to provide up-to-date lists of all Authorized Personnel, and all confidentiality agreements entered into by Participant with its employees with access to the Company Source Code not previously provided to Company. Participant shall advise all Authorized Personnel of their responsibilities under this annex, the agreement with which this annex is associated, and their respective individual confidentiality agreement both at the time such person’s access to the Company Source Code commences and at the time such access terminates. The Authorized Personnel shall use and access the Company Source Code solely on premises owned or leased by or otherwise under the direct control of Participant or its Affiliates. Any breach of the confidentiality and use restrictions in this annex by employees of Participant or its Affiliates shall be deemed to be a breach by Participant.
3. Handling of Company Source Code: Participant agrees that it and its Affiliates will not: (a) disclose all or any portion of the Company Source Code to anyone other than Authorized Personnel, and in the case of Authorized Personnel such disclosure will be made only when reasonably necessary for Participant or its Affiliates to exercise their rights in compliance with this annex and the agreement with which this annex is associated; (b) store or use the Company Source Code except as provided herein; (c) allow hard copy printouts of any portion of the Company Source Code to exist except within the secured areas described herein; or (d) use the Company Source Code for any purpose not specifically authorized in this annex and the agreement with which this annex is associated.
4. Protection of Company Source Code: Participant agrees that it and its Affiliates shall ensure that the same degree of care is used to prevent the unauthorized use, dissemination, or publication of the Company Source Code as they use to protect their own most valuable confidential information, but in no event shall the safeguards for protecting the Company Source Code be less than what a reasonably prudent business would exercise under similar circumstances. For the avoidance of doubt, Company Source Code shall be considered Company’s Confidential Information. Participant and its Affiliates shall take prompt and appropriate action to prevent unauthorized use or disclosure of the Company Source Code. Authorized Personnel shall be instructed not to copy the Company Source Code on their own, and not to disclose the Company Source Code to anyone not authorized to receive it. Participant and its Affiliates shall ensure that the Company Source Code is at all times maintained in secured locations only accessible to Authorized Personnel. Participant must maintain a list of all storage locations of Company Source Code and describe by what means they may be accessed. Participant must request approval to put Company Source Code in a new physical storage location. Copies within a directory hierarchy on the same physical media with a single security policy for the full hierarchy are permitted. Participant and its Affiliates shall ensure that the Company Source Code located on computers or networks shall be password protected with such passwords only being made available to Authorized Personnel. Such passwords should be set so as to meet standard industry guidelines for resistance to cracking attempts.
5. Open Source: Participant recognizes that the Company Source Code is being provided solely for the purposes of evaluating or pursuing a potential business relationship. Except with respect to any Included Open Source Software, Participant and its Affiliates shall not (a) create derivative works of the Company Source Code in any manner, including a manner that would cause the Company Source Code, in whole or in part, to become subject to any of the terms of an Open Source License; or (b) distribute the Company Source Code in any manner, including any manner that would cause any Company Source Code component to become subject to any of the terms of any Open Source License.
6. Protection of Systems: Any system containing the Company Source Code must be and continue to be (a) fully updated with all operating system and application security updates, (b) running a current, industry-standard antivirus program for such operating system, if one is available, and (c) behind a firewall, whether host or network based, at all times.
7. Access to Company Systems: If Participant or its Affiliates are given access to VPN and software by Company, then immediately upon request from Company, and in any event immediately upon the termination of the agreement to which the annex is attached, Participant and its Affiliates must (a) return any SecurID tokens provided for network access; and (b) remove any VPN client software provided by Company.
8. Trade Secrets: Except for any Included Open Source Software, Company Source Code, the techniques, algorithms and processes contained in the Company Source Code or any modification or extraction thereof, constitute trade secrets of Company and/or its suppliers, and will be used by Participant or its Affiliates and their Authorized Personnel only in accordance with the terms of this annex and the agreement with which this annex is associated. Participant and its Affiliates will take all measures reasonably required to protect the proprietary rights of Company and its suppliers and will promptly notify Company of any lost or missing items and take all reasonable steps to recover such items.
9. Audit: While Participant or its Affiliates have access to Company Source Code and for a period of 18 months thereafter, Company or its authorized representatives shall have access to Participant and its Affiliates’ premises to allow Company to determine whether Participant and its Affiliates are substantially in compliance with the terms set forth in this annex.