Plain English.
Not a 40-page death march.

These terms apply to your use of necessityworks.com and its subpages. They do not apply to:

• →The NecessityWorks platform itself — governed by the Master Subscription Agreement and Data Processing Addendum.
• →Open-source code we publish on GitHub — that runs under its own license, usually Apache 2.0.

• →Read everything, including the deep technical pages.
• →Quote our copy, screenshot pages, link to anything. Attribution is appreciated, not legally required.
• →Download the public PDFs and HTML reports under /downloads/. Share them internally, send them to your team, attach them to RFP responses.
• →Sign up for the waitlist or SAST early access. Nothing buys you anything yet — it just gets you onto the notification list.
• →Use the security disclosure process at /.well-known/security.txt. Coordinated disclosure is welcome and we respond within 5 business days.

• ✗Abuse the site, the form, or the API.
• ✗Impersonate someone else when signing up.
• ✗Strip our copyrights or pass our content off as your own.

Find a vulnerability? We want to hear about it before anyone else does. Email [email protected]. Good-faith coordinated disclosure is welcomed and acknowledged in writing.

We publish specific numbers because vague marketing claims are exactly what the security industry trained us to mistrust. The numbers on this site (Youden Index, true-positive rate, false-positive rate, time-to-review, integration count, etc.) come from real measurements on real test corpora — most notably the OWASP Benchmark v1.2 and the CVEfixes dataset.

Two things to understand:

• →These are measurements, not warranties. Your codebase isn’t the OWASP Benchmark. Your threat model isn’t our test set. We can prove what we measured. We can’t prove what your environment will return without measuring yours.
• →We will publish the methodology, the test corpora, the raw counts, and the cost per case. If we don’t show our work, don’t believe the number.

Use the numbers to evaluate us seriously. Don’t use them as legal guarantees of outcomes in your environment — that’s what a paid pilot is for.

The text, design, code, logos, screenshots, and reports on this site are owned by NecessityWorks (or, where applicable, by the third-party authors of the open-source libraries and content we’re standing on). Trademarks of other vendors that appear on this site (in integration logos, comparison pages, etc.) belong to those vendors and are used for identification only. No endorsement implied, no affiliation claimed.

If you want to use our copy or visuals beyond fair-use quoting, email [email protected]. We’re generally happy to grant permission for analyst reports, conference talks, journalism, and buyer-side internal use.

Joining a waitlist or early-access list does not:

• →Reserve a license slot.
• →Lock in a price (we haven’t announced one).
• →Guarantee any specific feature exists at launch — the product roadmap is in motion and we will ship what customers actually need, not what a pre-launch list agreed to.
• →Create any binding obligation on either side. You can unsubscribe at any time with no notice. So can we, if abuse happens.

Everything on this site is provided as-is and for general informational and evaluation purposes. We do not warrant that the content is fit for your specific compliance program, threat model, or operational environment.

Nothing on the site is legal advice, security consulting, or a contractual representation.

To the maximum extent allowed by law, NecessityWorks is not liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenue, arising from your use of this website. Aggregate liability arising out of or related to this site is capped at $100 USD — we are not selling you anything via this page, so that’s the appropriate ceiling.

None of this limits liability for fraud, willful misconduct, or anything else that can’t legally be disclaimed where you live.

These terms are governed by the laws of the State of Delaware, USA, without regard to conflict-of-law principles. Disputes go to the state or federal courts located in Delaware, and you and we both consent to that jurisdiction.

We may update these terms. The current version will always live at this URL with the “Last updated” date at the top. Material changes get a notice on the site for 14 days before they take effect. Past versions are kept in our git history.

Legal questions about these terms: [email protected]
Privacy / data rights: [email protected]
Security disclosures: [email protected]
General: [email protected]