Once an exception, the use of free and open-source software (FOSS) in commercial software products has become the rule. FOSS is particularly attractive to resource-strapped companies looking to avoid high software development costs or licensing fees, but even the biggies in the tech industry use FOSS. Despite its common use, FOSS carries risks and you need to do your due diligence.
FOSS licenses typically allow the public to access, modify, and redistribute the source code for the licensed software free of charge. In many instances, FOSS licenses also include a “viral” aspect in that they require the source code of derivative or collective works that include the licensed open-source software to be made available publicly under similar open source terms. Some FOSS licenses are restricted to noncommercial use and forbid use of the licensed software in products for commercial sale.
Despite the ubiquity of FOSS, its use is not without risks, including:
- Unintentional license grants or encumbrances on a company’s intellectual property;
- Exposure to contractual or intellectual property claims from FOSS licensors, distributors, or customers; and
- Damage to a company’s reputation within the FOSS and business communities.
When a company is planning a merger or acquisition, or an investor is interested in investing in a technology company, the transaction is almost always subject to a due diligence review process, in which the proposed acquiror or investor takes an in-depth look at the company or assets that are the subject of the transaction.
Appropriate due diligence review of FOSS will vary depending on the specific characteristics of the proposed transaction:
- If the target uses software internally, but its products or services don’t incorporate or depend on software, a FOSS review may be unnecessary;
- If the target’s rights to use software affect the value of the proposed transaction, there should be at least some FOSS due diligence; and
- If the target’s rights to use particular software are fundamental to the value of the transaction, a thorough review of the target’s FOSS use, contributions, policies, and practices is critical.
FOSS due diligence used to involve simply making sure that so-called “copyleft” software hadn’t been used by the target, but current practice includes much more. For example, the acquiror or investor may review the complete inventory of the target’s FOSS and all FOSS provisions in agreements that the target may have with suppliers, contractors, partners, and customers.
FOSS can serve as the backbone of a wide variety of technology companies, but don’t ignore the risks associated with its use. For an overview of FOSS licenses and a look at the specific concerns for investors, check out “Free and Open-Source Software Diligence in Mergers, Acquisitions, Public Offerings, and Other Investments” by Andrew J. Hall in the Winter 2014 issue of the California Business Law Practitioner. A related article appeared in the Fall 2009 issue: “Open Source: A Challenge Worth Meeting.”
© The Regents of the University of California, 2014. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.