Commercial software developers are often drawn to open source code to help deliver a low cost and flexible product that can quickly be brought to market. While there are benefits, there are also risks and pitfalls. With the growth and influence of free software licensing, some have been asserting the General Public License (GPL) violations in litigation to attempt to gain an advantage. Please join us as we explore these issues and discuss strategies to protect your product from litigation and to evaluate whether your new product will be strengthened or weakened by the integration of open source software, and in particular the GPL.
Gain insight into:
- Reach of the influential free software license GPL;
- Emerging risk of copyright trolls in open source;
- Risk of Free Software Foundation sponsored litigation in response to GPL violations;
- Contours of what constitutes a derivative work employing Linux code in the context of the GPL; and
- Lessons learned from the Hellwig vs. VMware case.
Strategies for Commercial Software Developers Using Open Source Code in Proprietary Software
1. Strategies for Commercial Software
Developers Using Open Source Code
in Proprietary Software
October 4, 2016
2. 2
Offices
Boston
Seaport Innovation District
Concord
Route 128 Technology Corridor
By the Numbers
1980
Year Founded
22
Technology Specialties
Bioinformatics
Biotechnology & Life Sciences
Biologics & Immunotherapeutics
Chemical Engineering
Pharmaceuticals
Chemistry
Material Sciences
Clean Technology
Medical Devices
Medical Imaging
Mechanical Engineering
Electrical Engineering
Semiconductors
Optics
Robotics
Mobile
Internet of Things
Network Infrastructure
Telecommunications
Computer Hardware
Computer Software
Business Methods
37
Attorneys,
Patents Agents,
Technology Specialists
19
Firm accolades since
2010, including:
4
3. 5
Mary Lou Wakimura
Principal
Hamilton Brook Smith Reynolds
Giovanna Fessenden
Of Counsel
Hamilton Brook Smith Reynolds
Thomas Schubert
Lead Counsel Software Licensing
Siemens AG
4. Background of Open Source
Licensing and IP Law
Open Source Software (OSS)
Copyrighted but access to source code with
rights to modify
Licensee may copy and make derivative works
If distribute derivative works, then perpetuate
original OSS terms
6
5. Key Goals of Commercial Software
Vendors Who Use OSS
Maintain ability to deliver
Protect IP from devaluation
Mitigate security vulnerabilities
Control contributions to OSS community
Avoid exposure to Copyright Trolls
7
6. Main Challenges:
Most of today’s commercial software contains Open Source
A typical complex application contains 30-80 OSS
components
Each OSS component contains one or several licenses
• Example: Linux Kernel has about 95 different licenses and
license combinations
Minor license violation may terminate your right to use
• Example: You must ship a copy of the GPL license with your
product
Maintain Ability to Sell Products
7. Strategies to consider:
1. Pass OSS usage policy and enforce it without imposing unnecessary
bureaucracy on the organization
2. Build the right team (lawyers with software knowhow, engineers with
licensing expertise)
3. Procure the right clearing platform
4. Install a high-performance process close to the engineering operation
5. Don’t forget to also tackle commercial standard software (COTS)
6. Be aware of potential OSS license incompatibilities (rarely a problem)
7. Ensuring compliance throughout the supply chain is difficult
• Actively solicit OSS information from your suppliers
• Treat absence of OSS information like a product defect
• Secure your position by including contractual language around OSS matters
Maintain Ability to Sell Products
8. Main Challenges:
Uncontrolled use of OSS with viral licenses may devalue your
software assets
• Example: The use of code under viral licenses (e.g. GPL) may
require you to provide any derivative works (this could be your
product) free of charge to the OSS community (worst case)
Asset devaluation may require asset write-downs
Strategies to consider:
Make software clearing an integral part of the software
development process
Continuously monitor your software code for Copyleft code
When buying a software company, spend some money on an OSS
assessment
Protect IP From Devaluation
9. Mitigate Security Vulnerabilities
Main Challenges:
You can only manage vulnerabilities that you know
To know what’s in your code, you must monitor usage of OSS
Strategies to consider:
Obtain Common Criteria (CC) certification /evaluation
Analyze the application environment for possible threats
Enable users and the software to self-report detected issues
Use special scanners to identify security issues in real time
Require developers to use OSS only from trusted sites
11
10. Control Contributions to
the Open Source Community
Main Challenges:
Most companies take OSS without giving (enough) back
Strategies to consider:
Define your level of interaction with the OSS community
Can you afford not contributing to the OSS community?
Consider contributing to projects of strategic importance
Avoid unnecessary OSS forks in your company
12
12. Two main types of Open Source enforcers:
“Good Guys”: E.g. Free Software Foundation
• Community-oriented enforcement
• Goal: Compliance through education and assistance
• “Legal action is a last resort”
The “bad guys”: Trolls
• A few individuals
• Goal: Making money
Strategy to consider:
Do not “blindly” accept a troll’s claim
Try settling on favorable terms
Avoid Exposure to Copyright Trolls
13. Basics:
If you have no OSS policy, create one
If your developers are unaware of OSS pitfalls, train them
Next steps:
Assess your demand for software clearing
Develop an appropriate clearing process
Consider a make/buy decision:
• Outsource the whole clearing process to a supplier, or
• Build up a clearing team (considering offshore options)
Start before commercially licensing out your IP
OSS Strategies for Smaller Entities
15. 17
Thank you!
Mary Lou Wakimura
Hamilton Brook Smith Reynolds
MaryLou.Wakimura@hbsr.com
978.341.0036 x 3214
Giovanna Fessenden
Hamilton Brook Smith Reynolds
Giovanna.Fessenden@hbsr.com
978.341.0036 x 3466
Thomas Schubert
Siemens AG
Thomas.Schubert@siemens.com