SCBE-AETHERMOORE Pilot Program Agreement

Technology Evaluation & Collaboration Framework

Version: 1.0
Date: January 16, 2026
Effective Date: [Pilot Start Date]
Duration: 90 calendar days

1. PARTIES

Provider: Issac Davis, Port Angeles, Washington (“Provider”)

Participant: [Customer Name], [Location] (“Participant”)

2. PURPOSE

Participant agrees to participate in a 90-day pilot program to evaluate SCBE-AETHERMOORE v3.0 (the “System”) for:

  • Control-flow integrity (CFI) detection and enforcement
  • Post-quantum cryptographic integration
  • Multi-layer governance decision-making
  • Production performance benchmarking

Scope: Integration into 2–3 critical applications (e.g., nginx, SSH, proprietary server) in Participant’s test environment.

Outcome: Quantified performance metrics + qualitative assessment (“Statement of Results”) to inform Phase 1 commercial licensing decision.

3. INTELLECTUAL PROPERTY & OWNERSHIP

3.1 Provider’s IP

SCBE-AETHERMOORE source code, algorithms, patents, documentation remain the exclusive property of Provider.

Participant receives a non-exclusive, royalty-free license to use the System solely for the duration of this pilot and only within Participant’s test environment.

Participant may not:

  • Sublicense, rent, lease, or transfer the System
  • Use the System in production without Phase 1 commercial license
  • Reverse-engineer, decompile, or derive competing systems
  • Publish the System’s code or results without Provider’s written consent

3.2 Participant’s Data

  • Participant retains all ownership of its applications, data, and infrastructure.
  • Participant controls what telemetry leaves its environment (see Section 6).

3.3 Feedback & Improvements

  • Any feedback, suggestions, or performance data Participant provides becomes Provider’s property and may be used to improve future versions.
  • Participant retains no rights to these improvements.

4. PILOT PHASES & MILESTONES

Phase 1: Integration & Baseline (Weeks 1–2)

Participant’s Responsibilities:

  • Deploy SCBE userspace library to test environment
  • Run 226 automated tests; confirm 100% passing
  • Integrate System into 2–3 target binaries
  • Measure baseline metrics (CFI overhead, latency, false-positive rate)

Provider’s Responsibilities:

  • Provide library + documentation
  • Offer 2x weekly sync calls (troubleshooting, technical questions)
  • Deliver integration guide + example code

Deliverables:

  • Integration checklist (signed off by Participant)
  • Baseline performance report (from Participant’s environment)

Phase 2: Live Monitoring (Weeks 3–8)

Participant’s Responsibilities:

  • Run System in monitoring mode (no blocking, logs only)
  • Forward SCBE telemetry to Participant’s SIEM (Splunk, Datadog, ELK, or custom)
  • Correlate SCBE alerts with existing IDS (Suricata, Zeek, etc.)
  • Conduct at least 2 red team exercises (simulated ROP/JOP attacks)
  • Measure false-positive rate under production load
  • Document any integration challenges or compatibility issues

Provider’s Responsibilities:

  • Analyze telemetry; provide weekly summary reports
  • Offer ad-hoc support (48-hour response SLA during this phase)
  • Suggest tuning parameters (L13 decision threshold, temporal window, etc.)

Deliverables:

  • Weekly telemetry summaries (5 reports)
  • Red team results (attack logs, detection accuracy)
  • Tuning recommendations

Phase 3: Controlled Enforcement (Weeks 9–12)

Participant’s Responsibilities:

  • Enable System in enforcement mode on test cluster (not production)
  • Run 3–5 additional red team exercises with known ROP/JOP exploits
  • Measure detection latency, false-positive rate, cluster stability
  • Collect performance metrics (CPU, memory, latency percentiles p50/p99)
  • Document any edge cases or bypass attempts

Provider’s Responsibilities:

  • Analyze enforcement-mode telemetry
  • Provide incident support (if System causes instability)
  • Iterate on tuning parameters (if needed)

Deliverables:

  • Final red team report (detection accuracy, false-positive rate, latency)
  • Production readiness assessment (System stability, performance, compatibility)

Phase 4: Final Report & Decision (Week 13)

Participant’s Responsibilities:

  • Co-author “Statement of Results” documenting:
    • ✓ Success metrics achieved (target: ≥92% detection, <0.5% overhead, <3% false positives)
    • ✓ Any gaps or unmet goals
    • ✓ Qualitative assessment (scalability, usability, security confidence)
    • ✓ Recommendation for Phase 1 commercial license (Yes/No/Conditional)

Provider’s Responsibilities:

  • Deliver final performance report
  • Conduct Phase 1 commercial licensing discussion (if Participant recommends “Yes”)

Deliverables:

  • Signed “Statement of Results” (jointly authored, confidential until Phase 1 signed)
  • Phase 1 licensing proposal (if requested)

5. SUCCESS METRICS

Pilot is deemed successful if:

Metric Target Threshold
ROP/JOP Detection 92–99% ≥90% acceptable, <85% triggers follow-up
CFI Overhead <0.5% >1% requires investigation, >2% considered failure
False-Positive Rate <3% >5% requires tuning; >10% blocks Phase 1
Auth Latency (p99) <2 ms >5 ms problematic for HFT; >10 ms unacceptable
Cluster Stability 99.9% uptime Zero crashes/hangs; clean shutdown/restart
Test Coverage 100% (226/226) All tests must pass in Participant’s environment

If metrics are NOT met: Provider and Participant jointly troubleshoot. Pilot may extend by mutual agreement (cost: $0, no additional terms).

6. DATA PRIVACY & TELEMETRY

6.1 Participant Controls Data Flow

Participant decides what telemetry leaves its network:

  • Default: All telemetry stays on Participant’s systems (logs in Participant’s SIEM only)
  • ⚠️ Optional: Participant may share anonymized metrics with Provider (e.g., “detection rate: 96%”, “overhead: 0.4%”) for Phase 1 case study
  • Never: Provider receives Participant’s:
    • Source code
    • Application data
    • User identities
    • Private crypto keys
    • Any information beyond SCBE system metrics

6.2 Anonymization

If Participant shares metrics with Provider:

  • All customer-identifying information is removed
  • Metrics are aggregated across time periods
  • Provider may use aggregated data in investor pitch decks / case studies (with Participant’s explicit consent)

6.3 Audit Trail

Participant may request audit trail of what Provider accessed:

  • By default: Provider has zero access to Participant’s environment (monitoring is Participant’s responsibility)
  • If Provider provides hosted monitoring service: Access logs will be made available monthly

7. CONFIDENTIALITY

7.1 Confidential Information

“Confidential Information” includes:

  • SCBE-AETHERMOORE source code, algorithms, patent claims
  • Performance metrics + red team results
  • Integration details + test data
  • Statement of Results (until Phase 1 signed or mutual release)

7.2 Obligations

Each party agrees to:

  • Protect Confidential Information with reasonable security measures (minimum: encryption at rest + in transit)
  • Disclose only to employees/contractors with need-to-know
  • Not disclose to press, competitors, or general public without prior written consent
  • Return or destroy Confidential Information within 30 days of pilot termination

7.3 Exceptions

Confidentiality does not apply to:

  • Information already public (before pilot start)
  • Information required by law (court order, regulatory request) — Provider gives Participant 10 days notice to seek protective order
  • Participant’s internal assessment (for board/investor review) — may be shared under separate NDA

8. LIABILITY & WARRANTIES

8.1 Disclaimer

AS-IS: System is provided AS-IS without warranties. Provider does not warrant:

  • System will prevent all attacks (no security tool is 100% effective)
  • System will achieve specific performance targets (targets are estimates, not guarantees)
  • System is compatible with all applications (integration may require modifications)

8.2 Participant’s Testing Responsibility

Participant is responsible for:

  • Testing System in non-production environment only
  • Verifying System does not break existing functionality
  • Backing up systems before integration
  • Having rollback plan if System causes issues

8.3 Provider’s Liability

Provider’s total liability for this pilot is $0 (pilot is free; no fees to limit).

Exceptions: Provider is liable for:

  • Gross negligence (e.g., intentional code injection into Participant’s system)
  • Breach of confidentiality (e.g., publicly disclosing Participant’s data)

8.4 No Indemnification

Participant assumes all risk of using System in its environment. Provider does not indemnify Participant against third-party claims.

9. TERM & TERMINATION

9.1 Pilot Duration

  • Start: [Effective Date]
  • End: 13 weeks later (approximately 90 days)
  • Extension: By mutual written agreement (cost $0, no additional terms)

9.2 Early Termination

Either party may terminate with 14 days written notice:

  • If Provider terminates: Participant receives no refund (pilot is free)
  • If Participant terminates: Provider retains all feedback/data; Participant must delete System within 7 days

9.3 Post-Termination

Within 30 days of pilot end:

  • Participant deletes System source code + binaries
  • Provider retains Participant’s feedback + telemetry (for product improvement)
  • Both parties may publish “Statement of Results” only if mutually agreed

10. PAYMENT & COSTS

10.1 Pilot Cost

  • System license: $0 (free pilot)
  • Provider support: $0 (included: 2x weekly calls, technical assistance, reporting)
  • Participant’s costs: Internal labor for integration, testing, red teaming

10.2 Phase 1 Commercial License (if Pilot Successful)

If pilot metrics are met:

Deployment Tier Annual License Support SLA
Small (1–3 critical binaries, <10 systems) $50,000 Business hours
Medium (5–10 binaries, 10–50 systems) $150,000 4-hour incident response
Enterprise (20+ binaries, 50+ systems) $500,000+ 24/7 on-call support

Note: These are estimates; final pricing negotiated separately after Statement of Results.

11. REPRESENTATIONS & WARRANTIES

11.1 Provider Represents

  • Has authority to grant license to System
  • System does not infringe third-party IP (to Provider’s knowledge)
  • Provider owns or controls all IP in System

11.2 Participant Represents

  • Has authority to sign this agreement
  • Will not use System outside pilot scope (test environment only)
  • Will comply with export control laws (System is not for embargoed countries/entities)

12. GENERAL PROVISIONS

12.1 Governing Law

  • This agreement is governed by Washington State law (where Provider is located)
  • Disputes resolved by binding arbitration (Seattle) rather than litigation

12.2 Entire Agreement

This agreement supersedes all prior discussions. Modifications require written consent from both parties.

12.3 Severability

If any provision is invalid, remaining provisions remain in effect.

12.4 Assignment

  • Provider may assign this agreement to any entity that acquires Provider’s business
  • Participant may not assign without Provider’s written consent

12.5 Contact Information

Provider:

  • Issac Davis
  • Port Angeles, Washington, USA
  • 📧 issdandavis7795@gmail.com
  • 🔗 GitHub: @davisissac

Participant:

  • [Name], [Title]
  • [Company], [Location]
  • 📧 [Email]
  • 📞 [Phone]

13. SIGNATURES

AGREED & ACCEPTED:

FOR PROVIDER:

Issac Davis
Signature: ________
Date: ________

FOR PARTICIPANT:

[Name], [Title]
Signature: ________
Date: ________

[Company Representative (if required)]
Signature: ________
Date: ________

APPENDIX A: System Requirements

Minimum:

  • Linux kernel 4.4+ or Windows 10+
  • Python 3.8+
  • 512 MB RAM available
  • 100 MB disk space (for library + tests)
  • Linux kernel 5.10+ or Windows 11
  • Python 3.10+
  • 2+ GB RAM (for monitoring + logging)
  • SSD (for faster log writes)

Supported Applications:

  • nginx 1.14+
  • OpenSSH 7.4+
  • Custom applications (with PAM/API integration)

APPENDIX B: Integration Checklist

Week 1–2 Sign-Off:

  • SCBE library deployed to test environment
  • 226 tests running, 100% passing
  • 2–3 target binaries identified + baseline metrics collected
  • Integration guide reviewed + questions answered
  • Participant ready for Phase 2 (monitoring mode)

Participant Signature: ________
Date: ________

APPENDIX C: Success Metrics Sign-Off

Weeks 9–13 (Final Assessment):

At end of pilot, Participant and Provider jointly assess:

Detection Rate:

  • ≥92%
  • 85–91%
  • <85%

CFI Overhead:

  • <0.5%
  • 0.5–1%
  • >1%

False Positives:

  • <3%
  • 3–5%
  • >5%

Latency (p99):

  • <2ms
  • 2–5ms
  • >5ms

Stability:

  • 99.9%+
  • 99%+
  • <99%

Overall Recommendation for Phase 1:

  • YES (Proceed to commercial license)
  • CONDITIONAL (Fix issues, extend pilot)
  • NO (Technical blockers; partnership not viable)

Participant Signature: ________
Date: ________

Provider Signature: ________
Date: ________

END OF AGREEMENT

Before finalizing:

  1. Replace [Customer Name] with actual company name
  2. Review Section 8 (liability) with your legal team (may need to add specific caps)
  3. Confirm Section 12.1 (Washington State law) works for your jurisdiction
  4. Add any regulatory clauses (HIPAA, PCI-DSS, FedRAMP, etc. if applicable)
  5. Adjust payment terms (Section 10.2) based on final pricing strategy

© 2026 Aethermoore - Issac Davis, Founder | Patent Pending (63/961,403) | Products | Demo

This site uses Just the Docs, a documentation theme for Jekyll.