Terms of Service
Last updated: March 2026
1. Overview
These terms govern use of viper-offsec.com and any engagement of security services provided by Viper Offensive Security Ltd.
Viper Offensive Security Ltd is registered in both England & Wales and Estonia, with operational presence in the Netherlands.
By using this website or engaging our services, you agree to these terms.
2. Website use
This website is provided for informational purposes. You may not use it to:
- Attempt to gain unauthorised access to any system
- Scrape, harvest, or index content without permission
- Misrepresent your identity when using the contact form
We reserve the right to block access to users who violate these terms.
3. Security services
All security engagements are governed by a written Statement of Work (SoW) agreed and signed before any work begins.
The SoW defines:
- Scope — systems, networks, or codebases in scope
- Out-of-scope — explicitly excluded targets
- Duration and timeline
- Deliverables and reporting format
- Fees and payment terms
No testing activity takes place outside the agreed scope. All findings are reported to the client. We do not disclose client findings to third parties without explicit written consent.
4. Authorisation
All penetration testing, red team operations, and security assessments are conducted only with explicit written authorisation from the system owner or their authorised representative.
Viper Offensive Security Ltd operates within the legal frameworks of:
- UK Computer Misuse Act 1990 (England & Wales)
- Dutch Computer Crime Act — Wet Computercriminaliteit (Netherlands)
- Estonian Penal Code § 206–217 — computer-related offences (Estonia)
- Any applicable local laws in the client’s jurisdiction
Clients are responsible for ensuring they hold the authority to commission testing on all systems within the agreed scope.
5. Confidentiality
All client information, codebases, findings, and engagement details are treated as strictly confidential.
We do not disclose client names, project details, or findings without explicit written permission.
NDAs are available on request and are standard practice for all engagements.
Publication of any audit report requires the client’s written consent. Where reports are published, client-specific operational details are redacted at the client’s discretion.
6. Intellectual property
Research, tools, and methodologies developed by Viper Offensive Security Ltd remain our intellectual property unless explicitly transferred in a signed written agreement.
Audit reports delivered to clients are licensed to the client for their internal use. Clients may publish reports publicly with our prior written consent.
Custom tooling developed specifically for a client engagement is governed by the relevant SoW.
7. Liability
Our liability for any engagement is limited to the fees paid for that specific engagement, to the maximum extent permitted by applicable law.
Security testing carries inherent operational risk. We take all reasonable precautions to minimise disruption. Scope, rules of engagement, and risk mitigation procedures are agreed in writing before testing begins.
We are not liable for pre-existing vulnerabilities, third-party system failures, or consequences arising from vulnerabilities that were in scope but not discovered during the engagement.
8. Governing law and jurisdiction
These terms are governed by the laws of England & Wales.
For clients based in the European Union, EU consumer and contract law may apply in addition to these terms where required by mandatory local law. Our EU operational presence is in Estonia and the Netherlands.
Any disputes shall be subject to the jurisdiction of the courts of England & Wales as the primary forum, unless otherwise agreed in writing or required by mandatory EU law.