This excerpt taken from the VRSN 10-K filed Jul 12, 2007.
5. Patch, update, and upgrade policy
Registry Operator may issue periodic patches, updates or upgrades to the Software, RRP/EPP or APIs (Licensed Product) licensed under the Registry-Registrar Agreement (the Agreement) that will enhance functionality or otherwise improve the Shared Registration System under the Agreement. For the purposes of this Part 5 of Appendix 7, the following terms have the associated meanings set forth herein.
1. A Patch means minor modifications to the Licensed Product made by Registry Operator during the performance of error correction services. A Patch does not constitute a Version.
2. An Update means a new release of the Licensed Product which may contain error corrections, minor enhancements, and, in certain circumstances, major enhancements, and which is indicated by a change in the digit to right of the decimal point in the version number of the Licensed Product.
3. An Upgrade means a new release of the Licensed Product which involves the addition of substantial or substantially enhanced functionality and which is indicated by a change in the digit to the left of the decimal point in the version of the Licensed Product.
4. A Version means the Licensed Product identified by any single version number.
Each Update and Upgrade causes a change in version.
Registry Operator, in its sole discretion, will deploy Patches during scheduled and announced Shared Registration System maintenance periods.
For Updates and Upgrades, Registry Operator will give each registrar notice prior to deploying the Updates and Upgrades into the production environment. The notice shall be at least ninety (90) days. Such notice will include an initial notice before deploying the Update that requires changes to client applications or the Upgrade into the Operational Test and Evaluation (OT&E) environment to which all registrars have access. Registry Operator will maintain the Update or Upgrade in the OT&E environment for at least thirty (30) days, to allow each registrar the opportunity to modify its client applications and complete testing, before implementing the new code in the production environment.
This notice period shall not apply in the event Registry Operators system is subject to the imminent threat of a failure or a material security threat, the discovery of a major security vulnerability, or a Denial of Service (DoS) attack where the Registry Operators systems are rendered inaccessible by being subject to: