New Tool Checks Legality Of Open-Source Software

With the growing use of open-source software, businesses may find themselves using someone else's intellectual property without knowing it.

October 16, 2004


While it's never been a smart business move to use someone else's intellectual property without paying for it, the risk of doing this without realizing it has never been greater. Open-source software, led by programs such as the Linux operating system and the Apache Web server, has grown in popularity during the past several years from small departmental implementations to become more deeply entrenched in business IT environments.

Although the uses and legalities of open-source software are fairly new to most companies, ignorance is not likely to hold water as a defense. This has led to the emergence of new tools and services designed to help companies identify the lineage of the code they download for free from the Internet or acquire from another business through more traditional corporate transactions.

Following up on the protexIP/development software and service it introduced in May, Black Duck Software Inc. on Monday will formally introduce protexIP/license management. Whereas protexIP/development is designed to help developers identify instances of open-source software and any licensing conflicts, the new protexIP/license management offering is primarily for use by lawyers and corporate legal teams. ProtexIP/license management lets attorneys identify any open-source licenses that affect their clients' code or code their clients seek to acquire.

When executives consider acquiring a company or a company's assets, they want to be sure there are no hidden legal land mines, says David Byer, a partner in the patent and intellectual-property practice group at Boston law firm Testa, Hurwitz & Thibeault LLP. "We've seen complete deals go off the table because the acquirer didn't want to take the risk," he says. Another scenario has been for a seller's assets to be devalued if there are questions about legal ownership of those assets.

The growing popularity of open source, which can be downloaded freely from the Web without going through corporate procurement channels, has increased the legal risks associated with software acquisition and usage. To ensure that its legal team can help its clients mitigate this risk, Testa, Hurwitz & Thibeault is testing protexIP/license management along with protexIP/development.

Lawyers use protexIP/license management software from their desktops to compare the code that their clients wish to acquire against Black Duck's database of more than 200 open-source licenses to see if the target code is covered by any of those licenses. Lawyers can also run source code through the software to identify similarities between that source code and code contained in open-source applications, says Ira Heffan, a senior associate in Testa, Hurwitz & Thibeault's patent and intellectual-property practice group and a member of the firm's Open Source Task Force.

The task force consists of 15 lawyers across several of the law firm's practices who study open-source issues in the areas of software development, intellectual-property infringement, and intellectual-property due diligence in venture-capital financings, merger and acquisition transactions, and initial public offerings.

One of the more dangerous scenarios is for a company to introduce software covered by the General Public License into its development environment without realizing it might have to then make its code--some of it possibly proprietary--freely available to the open-source community, Heffan says.

Subscriptions to protexIP/license management start at $9,500 for two users. The license-management software and service must be used with Black Duck's protexIP/development, which starts at $12,500 for a five-user development subscription.
