How to Mitigate the Risks Associated with Open Source Code

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

By Deborah A. Wilcox and Monica S. Verma

/images/stories/70×50/bug_knowledgecenter_70x70_(2).jpgIn the last decade, use of open source software has risen from the basement of the weekend code warrior to the high-rise of enterprise development strategist. This surge in corporate popularity can be attributed to the cost-effectiveness, efficiency and reliability of open source code. Yet, use of open source code presents risks–especially for a company acquiring technology assets that include open source code.

Does that mean that the risks outweigh the benefits? Probably not. A few years ago, most companies took a conservative approach, attempting to avoid open source code at all costs. Today, that approach is outdated. The market has since developed means of mitigating the risks associated with using open source code.

The Benefits of Open Source Code

There is no doubt that there are benefits to be gained from using open source code. An open source license generally requires anyone who distributes open source code software to redistribute all modifications in object and source code form. It also allows any other users to modify and redistribute the code under the same open source license terms. The benefits of open source software derive from the online, global community of developers willing to contribute time and knowledge to the development life-cycle. Although these advantages have become widely accepted, increased corporate dependence on open source has introduced many new issues into the realm of mergers and acquisitions. These issues must be addressed by potential acquiring companies.

Potential Risks for Acquiring Companies

In any transaction, acquiring companies should be aware of the potential risks that open source software may introduce. For example, consider a company that derives substantial revenue from licensing its proprietary software under a traditional software license. A situation arises where an employee, facing an impending deadline, incorporates a portion of open source code into the company’s software. A few years later, that company is acquired. The open source developer then discovers that the company has been using the code in violation of the open source license and seeks to enforce the license.

The acquiring company is now in a situation where it may be forced to release its proprietary source code and also absorb the expense of reprogramming the software in order to continue its business. The acquiring company may have been able to avoid this problem, or at least more accurately value the assets of the target company, had it performed a thorough due diligence review of the target company’s proprietary software.

Due Diligence Mitigates the Risks

Companies can mitigate the risks associated with using open source software in mergers and acquisitions by performing the appropriate due diligence in regards to the target company’s use of any open source software. The acquirer should determine how the target company uses open source software. Specifically, it should find out whether or not any open source code is integrated into the company’s proprietary software that generates licensing revenue.

The due diligence review could be as simple as providing questionnaires to the company’s developers regarding the use of any open source software. On the other hand, the review could also include the use of automated code-scanning systems designed to detect open source code. The acquiring company should conduct the due diligence necessary to achieve a level of comfort that the company is not violating any open source licenses. Also, this review should verify that the company’s software does not contain open source code which would infringe on any third-party copyrights.

Negotiate Representations and Warranties

An acquiring company should also negotiate the appropriate representations and warranties in any transaction documents regarding the use of open source software. Specifically, documents should be set in place in order to provide some redress in a situation where an open source license violation is discovered, or upon revelation that any open source code contains infringing material. Likewise, it is important for an acquiring company to negotiate the appropriate carve-outs from any liability caps because any infringement or license enforcement litigation could involve significant costs.

Insuring Against the Financial Risks

If the acquired software purchased is a substantial and important asset for the acquiring company, that company should also consider obtaining insurance. It should insure against any financial risks that may result from any business interruption resulting from any claims relating to the use of the acquired software assets.

Given the benefits, companies that develop software will continue to increase their reliance on open source software as a cost-reduction strategy. At the outset, the cost of conducting a thorough due diligence may seem high. However, if the acquiring company makes sure it knows upfront what it is buying, addresses any issues by reprogramming the software, creates a workaround to the existing software (if necessary), and obtains appropriate insurance, it will be saving itself a lot of headache in the long run.

/images/stories/heads/wilcox_deborah70x70.jpg Deborah A. Wilcox is Partner at Baker & Hostetler LLP. She is co-chair of Baker & Hostetler LLP’s Intellectual Property Litigation practice. She has been rated as preeminent in her field, with the highest ethical standard, by Martindale-Hubbell (an authoritative resource on the legal profession). Ms. Wilcox manages complex copyright, trademark and e-commerce litigation from contractual software disputes to the ex parte seizures of infringing character and sports merchandise. She is also experienced in copyright, trademark and Internet domain name selection, registration and licensing, both domestically and internationally.

Ms. Wilcox counsels clients on intellectual property and advertising matters in merchandising and entertainment areas such as cartoons, sports, music, telecommunications, television, restaurants, household goods and appliances, gifts, toys, and power tools. She has taught Trademarks as an adjunct professor at Case Western Reserve University Law School. Ms. Wilcox is also on the Advisory Board for University of Florida’s Fredric G. Levin College of Law. She can be reached at dwilcox@bakerlaw.com.

/images/stories/heads/verma_monica70x70.jpg Monica S. Verma is Partner at Baker & Hostetler, LLP. She routinely supports clients with the creation of joint ventures, strategic alliances and licensing arrangements. She has experience in drafting and negotiating agreements that involve the development, maintenance, outsourcing, licensing, transfer and sharing of intellectual property. In addition, Ms. Verma assists clients with technology and intellectual property acquisition due diligence, and handles trademark portfolios for a diverse clientele, both domestically and internationally.

Ms. Verma’s international focus is in the area of transactions pertaining to consulting and software development, technology transfer and outsourcing. She assists clients in drafting and negotiating offshoring agreements relating to software and application development and support agreements. She handles all aspects of such transactions including management of RFP process, drafting and negotiation of offshoring agreements. She also provides general advice to clients regarding doing business in India.

Prior to practicing in the United States, Ms. Verma was an associate lawyer with the Chief Senior Counsel for the Central Government of India. She represented clients in matters relating to civil litigation, commercial transactions and constitutional law. She can be reached at mverma@bakerlaw.com.