17 Sep 2008
Increasing numbers of businesses are using open-source software to develop technology – the obvious attraction being the possibility of using, modifying and distributing the open-source code without paying a fee to the developer. But the business and financial risks surrounding the use of open source must also be taken into account because they can have a substantial impact on the value of a business.
A firm’s IT systems and software are among its most important assets. As a result, a company’s rights to protect and commercialise its technology have become more significant when the firm is up for sale or looking for investors. In particular, open-source software can have a dramatic effect on due diligence and deal negotiations. It also prompts companies to add disclosures to their offering memoranda and shareholder communications about business model risks resulting from their use of open source.
The reasons for this are rooted in the key differences between open-source software and other types of licensed software. This can mean companies that use open source may not fully own or control their products. Open-source software is, of course, not put in the public domain with no strings attached – it comes with licence terms and conditions chosen by the program’s author.
If a company uses code that is subject to a “reciprocal” licence such as the general public licence (GPL) to create a product, it must make that product’s software available in source code form so that others can use, modify, distribute and incorporate that code into other software – without charging a licence fee. Companies will be subject to these reciprocal obligations even if the firm depends on software licensing revenue or the sale of equipment containing embedded software – which may mean that business leaders have to make their most valuable asset available for free to anyone who wants it.
Large companies such as IBM and Oracle may not have to charge for their technology – they can make money selling profitable consulting services, hardware and databases alongside their products built on open-source software. But for smaller companies, relying on open source can present risks to their main sources of revenue.
The recent trend of taking companies to court for open-source software licence violations has heightened awareness of the issues among venture capital investors and mergers and acquisitions (M&A) advisors.
In 2006, a German court found the network device manufacturer D-Link had violated the GPL by distributing certain Linux operating system software as part of its products. In 2007 and 2008, the authors of a set of open-source utilities called BusyBox sued Verizon Communications and several other companies for GPL violations, which resulted in the companies making settlement payments and releasing their source code on the internet. And last month a US appeals court ruled in a precedent-setting decision that violations of open-source software licence terms can result in liability for copyright infringement.
Sophisticated buyers are now also familiar with the problems faced by Cisco after spending $500m (£283m) to purchase Linksys, the manufacturer of home networking equipment. Shortly after the acquisition, Cisco was forced to release online the source code for various products that Linksys had created using open-source software.
Today, sophisticated buyers carefully review the software code used by target companies they wish to purchase. If a buyer cannot identify the licences governing its use of software, the sellers of the target will run into trouble during due diligence because of legal uncertainties over intellectual property rights. If the code review also reveals that a company being sold has been using open-source software in developing its products or key internal systems, buyers now take a close look as part of technical due diligence at how the software has been used.
Recently, some buyers have been factoring in the potential cost of rewriting software or licensing alternative software from another source into the costs of the acquisition where the open-source software is part of code that is important to the target company’s business. If the required rewriting appears to be extensive or alternative software is only available at a significant additional cost, the buyer might even be justified in seeking an adjustment to the purchase price. At a minimum a buyer will require detailed additional warranties if it is found that the target has made extensive use of open-source software.
In seeking to avoid these problems, investors and acquirers increasingly expect companies that rely on software to adopt compliance policies that control how, and in what circumstances, software code is acquired from third-party sources and incorporated into a company’s products. These policies may require that no open-source code will be used, or they may create a process that allows developers to ask senior management to approve the use of certain identified applications or tools. These policies would usually also include formal licence management processes and a pre-release licence compliance check before a product is issued.
In summary, for companies about to be sold, senior executives must be able to respond to due diligence enquiries about intellectual property (IP) ownership and use of open-source software – and to demonstrate that IP issues have been properly managed and do not threaten future revenue streams. The same is true for investors: venture capitalists, eager to protect their returns and possible exit, are also requiring that their portfolio firms manage open-source issues appropriately.
Good IP management has always been the hallmark of a well-run company, but with the increased focus on open-source software risks in venture capital and M&A deals, the stakes are now much higher.
David Boutcher is a partner at Reed Smith, where he heads the Europe and Middle East corporate group; Bob Stankey, also of Reed Smith, is a partner specialising in technology.
He talks of 'business users' and then quotes some really obscure technology cases.
Most business users in this country are likely using open source software to run web servers or maybe content management systems. No problems.
Most business users in the UK are not intending on creating a modified linux distribution and selling network or storage hardware.
If you want to make money by selling a product *you* are pretending is all your own work then that is a different matter altogether. Shame on you in that case.
Posted by: Gary 24 Sep 2008
Be careful. If you take GPL code and modify it "within" your business. You are under no obligation to release any modifications you make until or unless you decide to "re-distribute" your derived work. If you do, then you are obliged by the terms of the GPL to also make public the source code. But if it is only for in-house use. There is no such obligation.
Posted by: The Open Sourcerer 19 Sep 2008
Your article states that a company that USES code that is subject to a licence such as the GPL MUST then share its source is completely wrong and misleading.
The GPL actually states that an organisation that RE-DISTRIBUTES GPL subjected code MUST then make the source code available.
If an organisation merely USES GPL code within their own organisation, there is NO such requirement to distribute the changes.
And the source that must be distributed is limited to code that is statically linked to existing GPL code.
For example...
1. F5 BigIP is based around the Linux kernel and the actual F5 Intellectual Property is enshrined in a separate executable that runs UNDER the GPL Gnu-Linux OS. The source code for any changes made to GNU-Linux must therefore be distributed, but the source to re-create the tmm application that does the actual load balancing does not. Result? F5 did make available the source code and the changes made to the actual GNU-Linux (The changes amounted to very little BTW).
2. Oracle distributes a version of Oracle DB for Linux. They use linux extensively internally. But do NOT have to distribute the source to Oracle itself because it is just another application utilising the GNU-Linux OS.
3. Linksys distributed a firmware that was based heavily around GNU-Linux and various other GPL licensed products. Result? Linksys had to distribute the sources to the build system to create the firmware image and any changes to GPL source code they had made.
I found your article to be misleading and biased in almost every way against open source. Either this was intended as an ad for companies with vested interests in selling proprietary software and keeping users locked into their own proprietary model, or the author was woefully misunderstanding the realities of the GPL and openSource.
Posted by: Hamish 18 Sep 2008