Practicing Law Institute

1
Practicing Law Institute Open Source
Software Risks, Benefits Practical Realities in
the Corporate Environment Acquisition and
Outsourcing Concerns Stephen M. Fronk (c) 2004
Howard Rice Nemerovski Canady Falk Rabkin, A
Professional Corporation
2
Acquisitions

• An acquirer must understand the IP and business
  implications of a targets incorporation of open
  source software into the targets products and
  take steps to mitigate associated risks
• A target must understand that failure to control
  and document incorporation of open source
  software into the targets products could
  undermine ability to effect a successful exit

3
Acquirers Tools

• Diligence Process
• Representations/Warranties
• Indemnities

4
Diligence Process

• Determine whether target has a process in place
  for (1) approval and documentation of
  incorporation of open source software into
  targets products and (2) compliance with open
  source license obligations
• Have your developers talk to their developers
• Include open source-specific questions on the
  initial diligence questionnaire

5
Diligence Process

• For example
• (1) Please list any software (including firmware
  and other software embedded in hardware devices)
  owned, developed (or currently being developed),
  used, marketed, distributed, licensed, or sold by
  the Company that is subject to any copyleft or
  other obligation or condition under any open
  source license
• (2) Does any such license require, or condition
  the use or distribution of such Company software
  on, the disclosure, licensing, or distribution of
  any source code for any portion of such Company
  software?
• (2) Has the Company distributed any such Company
  software?
• (3) If so, when, to whom, and on what terms?

6
Acquisition Rep/Warranty
No software (including firmware and other
software embedded in hardware devices) owned,
developed (or currently being developed), used,
marketed, distributed, licensed, or sold by the
Company (collectively, the Company Software) is
subject to any copyleft or other obligation or
condition (including any obligation or condition
under any open source license such as the GNU
Public License, Lesser GNU Public License, or
Mozilla Public License) that (a) could require,
or could condition the use or distribution of
such Company Software on, the disclosure,
licensing, or distribution of any source code for
any portion of such Company Software, or
(b) could otherwise impose any limitation,
restriction, or condition on the right or ability
of the Company to use or distribute any Company
Software
7
Indemnification

• Require post-closing indemnification for losses
  and liabilities arising from breaches of open
  source reps/warranties
• Bring down such reps/warranties to closing
• Exclude such losses and liabilities from cap and
  time-based bars

8
Acquirers Options

• Close your eyes and jump
• Require code re-write (and carefully consider
  implications of pre-acquisition distributions)
• Re-negotiate purchase price (or other deal
  points)
• Walk away

9
Targets Burdens

• Educate employees about impacts of various open
  source licenses
• Conduct audit of your code genealogy
• Implement formal process for authorizing use of
  open source components
• Document such uses carefully

10
Targets Burdens

• Consider limiting use of open source software
  toancillary products
• Consider limiting use of open source softwareto
  specific modules
• Screen your upstream suppliers open
  sourcesoftware policies
• Screen your downstream licenses to ensure
  compliance with open source obligations

11
A Cautionary Tale

• In 2003, Cisco acquired Linksys (a privately-held
  provider of home networking products with a broad
  line of wired and wireless products for consumers
  and SOHO) for 500 million in common stock
• Shortly thereafter, Cisco learned that Linksys
  popular WRT54 networking routers contained chips
  (purchased from Broadcom) that ran on the Linux
  operating system
• The Free Software Foundation demanded that Cisco
  and Broadcom either (1) rip out all the Linux
  code in the router and use some other operating
  system, or (2) make their code available to the
  entire world
• The firmware source code is now available on the
  Linksys Web site

12
Outsourcing

• Because (generally) an outsourcing agreement is
  entered into prior to development, the client can
  demand that the developer implement a process to
  ensure that no open source software is
  incorporated into deliverables (or, at a minimum,
  that any such incorporation is pre-authorized by
  client)
• Require developer to submit deliverables to open
  source review
• Otherwise, same issues as in acquisitions (i.e.,
  rep/warranty and indemnification protections)

13
Final Thoughts

• Acquisitions are where the rubber meets the road
  vis-à-vis open sourcesoftware issues
• Heightened awareness in business community of
  prevalence of open source software use coupled
  with uncertainty (or lack of knowledge) about
  implications of such use creates quasi-paranoid
  environment
• If you havent implemented a policy to
  pre-authorize/document your use of open source
  software, you will have trouble surviving
  diligence, will have limited your exit
  strategies, and will be asked to make
  representations/warranties that pose unknown
  risks
• If you have, you can educate and assuage the
  fears of the acquirer

14
Questions?
Stephen M. Fronk Howard Rice Nemerovski Canady
Falk Rabkin Three Embarcadero Center Seventh
Floor San Francisco, CA 94111 (415)
434-1600 sfronk_at_howardrice.com