Open Source in the Real World: Beyond the Rhetoric
Maureen Dorney, Partner, DLA Piper
Kat McCabe, Board of Advisors, Black Duck Software, Inc.
Gemma Dreher, Senior Counsel, BAE Systems
ACC Webinar January 15, 2008
Introduction
Widespread availability and use of open source software makes it important for corporate counsel to understand the issues and best practices
Focus today on management of open source in:
Development
Procurement
Due Diligence (M&A context from Buyer perspective)
Development
Internal policies and procedures for internal use, external use and contributions mitigate risks
Options for managing use of open source
Committee (company vs. business unit)
Pre-approval/disapproval of certain licenses
Individual
Educate developers and others on policies, procedures and risks
Development
Require review/approval before check in
Applicable license and source (e.g., website)
Confirm that license meets internal policies
Technical/legal personnel perform final code review before distribution
Review code branches and developer comments
Consider audit tools to scan and identify open source
Development
Document use of source code
Location
Version
Applicable License
Obligations
Ensure compliance with obligations
Procurement
Commercial Open Source Procurement Eco-System
Third Party Developers (includes offshore development)
Enterprise Software Vendors (both upstream and downstream)
ASP or SAS Providers (use but no distribution)
OEM Relationships (many companies have inconsistent policies)
VAR and ISV Models (present similar issues as those found in OEM relationships)
Often Different Divisions of Technology Companies Deploy Conflicting Policies
Complexities of Dual Source Models
Procurement
Formulation of an Open Source Procurement Strategy
An Open Source Procurement Strategy Should Parallel and be Compatible with Internal Development and Downstream Licensing Strategies:
Your Channel Requirements
Software Architecture
Warranties and Indemnities
Conformance of Licenses and Proprietary Rights Notices
Implementation of “Standard” Software Solutions
Consider Dual Source Options Where Appropriate
The Same Open Source Policy and Approval Structure for Internal Development should Extend to Procurement
Procurement Partners Can Have Very Different Open Source Strategies
Sample Procurement Clauses
Prohibited Uses of the Source Code. Company will not make the Source Code of the Software available on a non-confidential basis. Company shall not combine or distribute the Source Code with any Publicly Available Software. As used in this Agreement, “Publicly Available Software” means each of: (i) any software that contains, or is derived in any manner (in whole or in part) from, any software that is distributed as free software, open source software (e.g., Linux) or similar licensing or distribution models; and (ii) any software that requires as a condition of use, modification and/or distribution of such software that other software distributed with such software (A) be disclosed or distributed in source code form; (B) be licensed for the purpose of making derivative works; or (C) be redistributable at no charge. Publicly Available Software includes, without limitation, software licensed or distributed under any of the following licenses or distribution models, or licenses or distribution models similar to any of the following: (i) GNU’s General Public License (GPL) or Lesser/Library GPL (LGPL), (ii) The Artistic License (e.g., PERL), (iii) the Mozilla Public License, (iv) the Netscape Public License, (v) the Licensee Community Source License (SCSL), and (vi) the Licensee Industry Standards License (SISL).
Sample Procurement Clauses
Licensor shall provide to Licensee in Exhibit A below: (a) a list of all Open Source Technology (including, but not limited to code licensed under the GPL or LGPL) incorporated into or combined with the Software, (b) a description of how the Open Source Technology is incorporated with or into, or interacts with, or will interact with, the Software or any technology that may be incorporated with the Software and/or Licensee products and (c) a copy of the license governing the use and distribution of the Open Source Technology. Licensor agrees to fully cooperate with Licensee to insure compliance by both parties with the terms of any license governing the use of any Open Source Technology in any Software delivered by Licensor to Licensee. Licensor shall comply with a request from Licensee to grant rights and immunities under Licensor’s Intellectual Property rights to third parties as required to insure compliance with the terms of any license governing the use of any Open Source Technology in any Software delivered by Licensor to Licensee.
Sample Procurement Clauses
Licensor grants to Licensee a non-exclusive, perpetual, irrevocable and worldwide license under Licensor’s Intellectual Property Rights to, in any fashion Licensee may choose (including, but not limited to, community source and/or open source licensing, except any BSD license) (i) reproduce, prepare Derivative Matter of, compile, publicly perform, publicly display, demonstrate, market, disclose and distribute the Software and modifications thereof in source code or object code form on any media or via any electronic or other method now known or later discovered; (ii) make, have made, use, sell, offer to sell, import and otherwise exploit the Software and modifications thereof in source code or object code form in any manner and on any media or via any electronic or other method now known or later discovered; and (iii) sublicense the foregoing rights to third parties through multiple tiers of sublicensees or other licensing mechanisms at Licensee’s option.
Changes in Due Diligence
Traditional technology due diligence
Contract review
Interviews with management
Provides an incomplete picture
New approach
Need to address lack of information about downloaded code (open source and third party)
Automated code review used to find downloaded code
Specific Buyer Concerns – Code Provenance
Code Provenance = Chain of Title
Tens of thousands of developers worldwide contribute to open source
Potential lack of attention to and understanding of IP rights
Reputable source of code is key
Well-known, well-run open source projects vs. less known software developers
Buyer assessment of potential liabilities
Specific Buyer Concerns – License Terms
Need to identify and review open source license terms
Has the target complied?
Potential liability for breach of contract and infringement
Is the buyer comfortable with the conditions and obligations going forward?
Specific Buyer Concerns – License Terms
The General Public License (GPL) exemplifies significant license conditions
Developed by Richard Stallman
GPLv2 first issued in the early 1990s; today, one of the world’s most popular open source licenses
GPLv3 issued in June, 2007; addresses new issues, e.g. patent and digital rights management (DRM)
Specific Buyer Concerns – License Terms
Copyleft/Reciprocity (under GPLv2 and GPLv3)
Goal to achieve the opposite of copyright
Condition of re-distribution is re-licensing under the GPL
GPL provides broad user rights and access to source code
Key issue: reciprocity typically conflicts with traditional licensing models
Specific Buyer Concerns – License Terms
Patent Provisions under GPLv3
Goal to address the threat of patents
Broad patent license
Patent retaliation provision
Complex provisions to protect against third party patent licenses
Key issue: patent provisions may have unwanted impact on the user’s patent portfolio
Specific Buyer Concerns – License Terms
Anti-Digital Rights Management (under GPLv3)
Goal to give users the right to modify code and redeploy it on the applicable consumer device
Consumer device companies required to give installation information, along with broad rights and source code
Key issue: consumer device manufacturers particularly concerned about GPLv3
Specific Buyer Concerns – License Terms
Broad Disclaimer of Warranties and Liability (under GPLv2 and GPLv3)
Key issue: no operational or legal support
Code Analysis – Practical Considerations
Who will Perform the Analysis?
Buyer
Target concern of misuse/Buyer concern of taint
Target
Buyer concern of incomplete analysis
Third Party
Resolves inherent tension
Acts as a buffer between the parties
Code Analysis – Practical Considerations
Where?
Target wants control of code; target offices are the preferred location
Target needs to determine rules of engagement
Target needs to manage employee expectations; e.g. with cover stories
Code Analysis – Practical Considerations
Legal Analysis of Results
Assessment of code origins
Many unknown sources or a few reputable ones?
Review of license terms
Permissive or onerous?
Assessment of Target’s compliance
Evaluation of potential copyright and contract claims
Results can affect deal pace and terms
Open Source and M&A Summary
Buyers are concerned about unknown open source code in the target’s code base
Buyers now require physical code assessments
Unprepared targets risk problems in due diligence and disruption of the deal
Prepared targets improve the deal process