Open source software (OSS) has emerged as a significant market disruptor in recent years. OSS serves as an alternative to commercial software licensing wherein the licensee does not need to pay for the license. This tends to make it particularly attractive to start-ups attempting to keep their costs down. However, the free use of the OSS comes with some additional considerations which need to be managed before an acquirer purchases a company making extensive use of OSS.

Some analysts have noted that, in the acquisition context, OSS can present a number of challenges, including security risks and compliance. Compliance obligations can arise through the licenses of use for the OSS, and understanding the nature of these risks going into a transaction can ensure a smoother transition. One possible method of doing so may require the acquirer to ask the target to manage any compliance issues beforehand, while another suggests that the acquirer devise strategies for addressing compliance issues once the transaction is complete.[1] Ideally, a target company will exercise best practices for tracking where OSS is used in its products. However, there may be undisclosed uses of OSS which an acquirer will need to be aware of prior to undertaking a purchase. Otherwise, undisclosed uses of OSS can potentially result in costly liabilities and obligations.

Another method for managing the risks of OSS involves the use of an open source audit, which is a process by which the product's code is mapped against third-party code to determine the origin of certain aspects of the software. Importantly, this process can reveal which parts of the OSS are an original, proprietary development. The use of an audit gives the acquirer a relational map of which obligations arise as a result of any OSS integrations. This can assist in catching instances where OSS was used in a product but the developer failed to track it. The acquirer can further use an open source audit to determine a realistic value of the target's software developments and plan for any roadblocks on the path to commercial distribution of the software.

Technical audits are an essential feature of any acquisition and can give the acquirer an understanding of the obligations that come with the integration of the OSS into the target's systems.

Footnote

[1] See: Ibrahim Haddad, Open Source Audits in Merger and Acquisition Transactions: The Basics You Must Know (The Linux Foundation, 2018).

The author would like to thank Tom Sutherland, summer student, for his assistance in preparing this legal update.


About Norton Rose Fulbright Canada LLP

Norton Rose Fulbright is a global law firm. We provide the world's preeminent corporations and financial institutions with a full business law service. We have 3800 lawyers and other legal staff based in more than 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, Africa, the Middle East and Central Asia.