New Tool Checks Legality Of Open-Source Software - InformationWeek


With the growing use of open-source software, businesses may find themselves using someone else's intellectual property without knowing it.

While it's never been a smart business move to use someone else's intellectual property without paying for it, the risk of doing this without realizing it has never been greater. Open-source software, led by programs such as the Linux operating system and the Apache Web server, has grown in popularity during the past several years from small departmental implementations to become more deeply entrenched in business IT environments.

Although the uses and legalities of open-source software are fairly new to most companies, ignorance is not likely to hold water as a defense. This has led to the emergence of new tools and services designed to help companies identify the lineage of the code they download for free from the Internet or acquire from another business through more traditional corporate transactions.

Following up on the protexIP/development software and service it introduced in May, Black Duck Software Inc. on Monday will formally introduce protexIP/license management. Whereas protexIP/development is designed to help developers identify instances of open-source software and any licensing conflicts, the new protexIP/license management offering is primarily for use by lawyers and corporate legal teams. ProtexIP/license management lets attorneys identify any open-source licenses that affect their clients' code or code their clients seek to acquire.

When executives consider acquiring a company or a company's assets, they want to be sure there are no hidden legal land mines, says David Byer, a partner in the patent and intellectual-property practice group at Boston law firm Testa, Hurwitz & Thibeault LLP. "We've seen complete deals go off the table because the acquirer didn't want to take the risk," he says. Another scenario has been for a seller's assets to be devalued if there are questions about legal ownership of those assets.

The growing popularity of open source, which can be downloaded freely from the Web without going through corporate procurement channels, has increased the legal risks associated with software acquisition and usage. To ensure that its legal team can help its clients mitigate this risk, Testa, Hurwitz & Thibeault is testing protexIP/license management along with protexIP/development.

Lawyers use protexIP/license management software from their desktops to compare the code that their clients wish to acquire against Black Duck's database of more than 200 open-source licenses to see if the target code is covered by any of those licenses. Lawyers can also run source code through the software to identify similarities between that source code and code contained in open-source applications, says Ira Heffan, a senior associate in Testa, Hurwitz & Thibeault's patent and intellectual-property practice group and a member of the firm's Open Source Task Force.

The task force consists of 15 lawyers across several of the law firm's practices who study open-source issues in the areas of software development, intellectual-property infringement, and intellectual-property due diligence in venture-capital financings, merger and acquisition transactions, and initial public offerings.

One of the more dangerous scenarios is for a company to introduce software covered by the General Public License into its development environment without realizing it might have to then make its code--some of it possibly proprietary--freely available to the open-source community, Heffan says.

Subscriptions to protexIP/license management start at $9,500 for two users. The license-management software and service must be used with Black Duck's protexIP/development, which starts at $12,500 for a five-user development subscription.
