Open Source in the Real World: Beyond the Rhetoric

Academic year: 2021

(1)

Maureen Dorney

Partner, DLA Piper

Kat McCabe

Board of Advisors, Black Duck Software, Inc.

Gemma Dreher

(2)

Introduction

Widespread availability and use of open source software makes it important for corporate counsel to understand the issues and best practices

Focus today on management of open source in:

Development

Procurement

(3)

Development

Internal policies and procedures for internal use, external use and contributions mitigate risks

Options for managing use of open source

Committee (company vs. business unit)

Pre-approval/disapproval of certain licenses

Individual

Educate developers and others on policies, procedures and risks

(4)

Development

Require review/approval before check in

Applicable license and source (e.g., website)

Confirm that license meets internal policies

Technical/legal personnel perform final code review before distribution

Review code branches and developer comments

Consider audit tools to scan and identify open source

(5)

Development

Document use of source code

Location

Version

Applicable License

Obligations

(6)

Procurement

Commercial Open Source Procurement Eco-System

Third Party Developers (includes offshore development)

Enterprise Software Vendors (both upstream and downstream)

ASP or SaaS Providers (use but no distribution)

OEM Relationships (many companies have inconsistent policies)

VAR and ISV Models (present similar issues as those found in OEM relationships)

Often Different Divisions of Technology Companies Deploy Conflicting Policies

(7)

Procurement

Formulation of an Open Source Procurement Strategy

An Open Source Procurement Strategy Should Parallel and be Compatible with Internal Development and Downstream Licensing Strategies:

Your Channel Requirements

Software Architecture

Warranties and Indemnities

Conformance of Licenses and Proprietary Rights Notices

Implementation of “Standard” Software Solutions

Consider Dual Source Options Where Appropriate

The Same Open Source Policy and Approval Structure for Internal Development should Extend to Procurement

Procurement Partners Can Have Very Different Open Source Strategies

(8)

Sample Procurement Clauses

Prohibited Uses of the Source Code. Company will not make the Source Code of the Software available on a non-confidential basis. Company shall not combine or distribute the Source Code with any Publicly Available Software. As used in this Agreement, “Publicly Available Software” means each of: (i) any software that contains, or is derived in any manner (in whole or in part) from, any software that is distributed as free software, open source software (e.g., Linux) or similar licensing or distribution models; and (ii) any software that requires as a condition of use, modification and/or distribution of such software that other software distributed with such software (A) be disclosed or distributed in source code form; (B) be licensed for the purpose of making derivative works; or (C) be redistributable at no charge. Publicly Available Software includes, without limitation, software licensed or distributed under any of the following licenses or distribution models, or licenses or distribution models similar to any of the following: (i) GNU’s General Public License (GPL) or Lesser/Library GPL (LGPL), (ii) The Artistic License (e.g., PERL), (iii) the Mozilla Public License, (iv) the Netscape Public License, (v) the Licensee Community Source License (SCSL), and (vi) the Licensee Industry Standards License (SISL).

(9)

Sample Procurement Clauses

Licensor shall provide to Licensee in Exhibit A below: (a) a list of all Open Source Technology (including, but not limited to code licensed under the GPL or LGPL) incorporated into or combined with the Software, (b) a description of how the Open Source Technology is incorporated with or into, or interacts with, or will interact with, the Software or any technology that may be incorporated with the Software and/or Licensee products and (c) a copy of the license governing the use and distribution of the Open Source Technology. Licensor agrees to fully cooperate with Licensee to insure compliance by both parties with the terms of any license governing the use of any Open Source Technology in any Software delivered by Licensor to Licensee. Licensor shall comply with a request from Licensee to grant rights and immunities under Licensor’s Intellectual Property rights to third parties as required to insure compliance with the terms of any license governing the use of any Open Source Technology in any Software delivered by Licensor to Licensee.

(10)

Sample Procurement Clauses

Licensor grants to Licensee a non-exclusive, perpetual, irrevocable and worldwide license under Licensor’s Intellectual Property Rights to, in any fashion Licensee may choose (including, but not limited to, community source and/or open source licensing, except any BSD license) (i) reproduce, prepare Derivative Matter of, compile, publicly perform, publicly display, demonstrate, market, disclose and distribute the Software and modifications thereof in source code or object code form on any media or via any electronic or other method now known or later discovered; (ii) make, have made, use, sell, offer to sell, import and otherwise exploit the Software and modifications thereof in source code or object code form in any manner and on any media or via any electronic or other method now known or later discovered; and (iii) sublicense the foregoing rights to third parties through multiple tiers of sublicensees or other licensing mechanisms at Licensee’s option.

(11)

Changes in Due Diligence

Traditional technology due diligence

Contract review

Interviews with management

Provides an incomplete picture

New approach

Need to address lack of information about downloaded code (open source and third party)

(12)

Specific Buyer Concerns – Code Provenance

Code Provenance = Chain of Title

Tens of thousands of developers worldwide contribute to open source

Potential lack of attention to and understanding of IP rights

Reputable source of code is key

Well-known, well-run open source projects vs. less known software developers

(13)

Specific Buyer Concerns – License Terms

Need to identify and review open source license terms

Has the target complied?

Potential liability for breach of contract and infringement

Is the buyer comfortable with the conditions and obligations going forward?

(14)

Specific Buyer Concerns – License Terms

The General Public License (GPL) exemplifies significant license conditions

Developed by Richard Stallman

GPLv2 first issued in the early 1990s; today, one of the world’s most popular open source licenses

GPLv3 issued in June, 2007; addresses new issues, e.g. patent and digital rights

(15)

Specific Buyer Concerns – License Terms

Copyleft/Reciprocity (under GPLv2 and GPLv3)

Goal to achieve the opposite of copyright

Condition of re-distribution is re-licensing under the GPL

GPL provides broad user rights and access to source code

Key issue: reciprocity typically conflicts with traditional licensing models

(16)

Specific Buyer Concerns – License Terms

Patent Provisions under GPLv3

Goal to address the threat of patents

Broad patent license

Patent retaliation provision

Complex provisions to protect against third party patent licenses

Key issue: patent provisions may have

(17)

Specific Buyer Concerns – License Terms

Anti-Digital Rights Management (under GPLv3)

Goal to give users the right to modify code and redeploy it on the applicable consumer device

Consumer device companies required to give installation information, along with broad rights and source code

Key issue: consumer device manufacturers particularly concerned about GPLv3

(18)

Specific Buyer Concerns – License Terms

Broad Disclaimer of Warranties and Liability (under GPLv2 and GPLv3)

(19)

Code Analysis – Practical Considerations

Who will Perform the Analysis?

Buyer

Target concern of misuse/Buyer concern of taint

Target

Buyer concern of incomplete analysis

Third Party

Resolves inherent tension

(20)

Code Analysis – Practical Considerations

Where?

Target wants control of code; target offices are the preferred location

Target needs to determine rules of engagement

Target needs to manage employee expectations; e.g. with cover stories

(21)

Code Analysis – Practical Considerations

Legal Analysis of Results

Assessment of code origins

Many unknown sources or a few reputable ones?

Review of license terms

Permissive or onerous?

Assessment of Target’s compliance

Evaluation of potential copyright and contract claims

(22)

Open Source and M&A Summary

Buyers are concerned about unknown open source code in the target’s code base

Buyers now require physical code assessments

Unprepared targets risk problems in due diligence and disruption of the deal
