How To Ensure Open Source Risks Won't Scuttle Your Deal

Read on for critical guidance in a record-breaking M&A market.

With mergers and acquisitions reaching record levels this year, a panel of attorneys and experts sat down in a recent webinar hosted by Above the Law and FOSSA to discuss how to prevent open source software issues from sinking a transaction.

Open source software, or OSS, has source code that can be used by anyone as long as certain conditions are followed, differentiating it from proprietary software. Open source is used far and wide, with Kevin Wang, the CEO of FOSSA, noting that it’s now “extremely popular.” (FOSSA provides technology that helps organizations manage license compliance and security risks that come with the use of open source software.)

“Every company at scale uses huge amounts of open source today,” Wang said. “What we’ve seen is it’s very difficult to operate any business at scale without using open source.”

While OSS offers developers greater flexibility and speed, companies using open source need to ensure that they’re in compliance with open source licenses. Failing to comply can result in litigation or potential trouble during deals.

“It’s up to the legal folks doing the IP review on the open source to ensure that the acquirer doesn’t acquire a copyright infringement lawsuit,” noted Jim Markwith of Markwith Law, who has been working in open source for over two decades.

In order to avoid potentially costly software surprises after a deal closes, attorneys may need to perform open source due diligence during mergers and acquisitions. 

“Due diligence, from an acquisition perspective, is looking at the code base that’s going to be acquired and … identifying the open source within the code base,” Markwith said. “And then, ensuring that the target is using it in a compliant manner.” 

One of the more common issues that can arise during the deal process is a target company saying they only use a small amount of open source or that they have “no idea” what open source is in their products, according to Chris Stevenson, of counsel at DLA Piper.

“More than 90% of all code bases out there have at least some open source software in them,” Stevenson said. “If you get into doing diligence on a financing or an M&A deal and you see no information on open source, that’s a big red flag.”

When it comes to how target companies should prepare for due diligence, Markwith emphasized enacting an open source software policy, as well as getting an understanding of what’s in the company’s code base.

“Implementing [an] open source software use policy and processes into your software development process, that’s the key,” Markwith said. “If you can do it prior to the eve of due diligence occurring in an M&A or IPO scenario, it’s always better.”

Companies that are headed towards an IPO may also opt to embrace internal open source due diligence, according to Wang.

“I think one interesting trend we’ve seen, especially over the past couple of years, has been the adoption of internal open source due diligence practices and internal open source management practices as companies are getting on the path to IPO,” Wang said. 
