Strategies for Commercial Software Developers Using Open Source Code in Proprietary Software October 4, 2016


By the Numbers

2 Offices: Boston (Seaport Innovation District) and Concord (Route 128 Technology Corridor)

1980: Year Founded

22 Technology Specialties: Bioinformatics, Biotechnology & Life Sciences, Biologics & Immunotherapeutics, Chemical Engineering, Pharmaceuticals, Chemistry, Material Sciences, Clean Technology, Medical Devices, Medical Imaging, Mechanical Engineering, Electrical Engineering, Semiconductors, Optics, Robotics, Mobile, Internet of Things, Network Infrastructure, Telecommunications, Computer Hardware, Computer Software, Business Methods

37 Attorneys, Patent Agents, Technology Specialists

19 Firm accolades since 2010, including:


Mary Lou Wakimura, Principal, Hamilton Brook Smith Reynolds

Giovanna Fessenden, Of Counsel, Hamilton Brook Smith Reynolds

Thomas Schubert, Lead Counsel Software Licensing, Siemens AG

Background of Open Source Licensing and IP Law

Open Source Software (OSS)

Copyrighted but access to source code with rights to modify

Licensee may copy and make derivative works

If distribute derivative works, then perpetuate original OSS terms


Key Goals of Commercial Software Vendors Who Use OSS

Maintain ability to deliver

Protect IP from devaluation

Mitigate security vulnerabilities

Control contributions to OSS community

Avoid exposure to Copyright Trolls


Maintain Ability to Sell Products

Main Challenges:

Most of today’s commercial software contains Open Source

A typical complex application contains 30-80 OSS components

Each OSS component contains one or several licenses

• Example: Linux Kernel has about 95 different licenses and license combinations

Minor license violation may terminate your right to use

• Example: You must ship a copy of the GPL license with your product

Strategies to consider:

1. Pass OSS usage policy and enforce it without imposing unnecessary bureaucracy on the organization

2. Build the right team (lawyers with software knowhow, engineers with licensing expertise)

3. Procure the right clearing platform

4. Install a high-performance process close to the engineering operation

5. Don’t forget to also tackle commercial standard software (COTS)

6. Be aware of potential OSS license incompatibilities (rarely a problem)

7. Ensuring compliance throughout the supply chain is difficult

• Actively solicit OSS information from your suppliers

• Treat absence of OSS information like a product defect

• Secure your position by including contractual language around OSS matters

Protect IP From Devaluation

Main Challenges:

Uncontrolled use of OSS with viral licenses may devalue your software assets

• Example: The use of code under viral licenses (e.g. GPL) may require you to provide any derivative works (this could be your product) free of charge to the OSS community (worst case)

Asset devaluation may require asset write-downs

Strategies to consider:

Make software clearing an integral part of the software development process

Continuously monitor your software code for Copyleft code

When buying a software company, spend some money on an OSS assessment

Mitigate Security Vulnerabilities

Main Challenges:

You can only manage vulnerabilities that you know

To know what’s in your code, you must monitor usage of OSS

Strategies to consider:

Obtain Common Criteria (CC) certification/evaluation

Analyze the application environment for possible threats

Enable users and the software to self-report detected issues

Use special scanners to identify security issues in real time

Require developers to use OSS only from trusted sites


Control Contributions to the Open Source Community

Main Challenges:

Most companies take OSS without giving (enough) back

Strategies to consider:

Define your level of interaction with the OSS community

Can you afford not contributing to the OSS community?

Consider contributing to projects of strategic importance

Avoid unnecessary OSS forks in your company


Avoid Exposure to Copyright Trolls

Open Source software: A promising arena for IP litigators?

Next wave of industrial progress is software-driven

Software patents can be difficult to obtain

Legislators have started to discourage Patent Trolls

© Hugh D’Andrade, CC BY 2.0

Two main types of Open Source enforcers:

“Good Guys”: E.g. Free Software Foundation

• Community-oriented enforcement

• Goal: Compliance through education and assistance

• “Legal action is a last resort”

The “bad guys”: Trolls

• A few individuals

• Goal: Making money

Strategy to consider:

Do not “blindly” accept a troll’s claim

Try settling on favorable terms

OSS Strategies for Smaller Entities

Basics:

If you have no OSS policy, create one

If your developers are unaware of OSS pitfalls, train them

Next steps:

Assess your demand for software clearing

Develop an appropriate clearing process

Consider a make/buy decision:

• Outsource the whole clearing process to a supplier, or

• Build up a clearing team (considering offshore options)

Start before commercially licensing out your IP


Thank you!

Mary Lou Wakimura, Hamilton Brook Smith [email protected] x 3214

Giovanna Fessenden, Hamilton Brook Smith [email protected] x 3466

Thomas Schubert, Siemens [email protected]