What You Need to Know about Open Source Code
If your business involves the use of software in any manner, whether as a user or developer,you need to be aware of the potential risks to your business that are created if any such software includes open source code.
Open source code is computer code that is publicly available at no charge (subject to the terms its license) that can be used to develop other code and products. Many developers have chosen to make their code available in this manner to encourage the programming community to work together to build upon their ideas in an open forum through the Internet.
While this open community of coders is a wonderful mechanism for creative minds to develop and solve even more challenging software programs and tools, it is intended to be a community without walls. In other words, if you access a tool developed by one of these open source programmers or community of programmers, you are welcome to do so provided that you abide by the terms of the license imposed by the original coder.
Open source material usually has associated with it an "artistic license" which imposes two conditions: 1) you must give attribution to the original coder; and 2) you must make your subsequent development or derivative work available to others. However, many users of open source code are not aware of this license because they become subject to it without clicking any acceptance or executing any agreements. Simply using the open source code makes the user bound by the terms of the applicable license.
If you violate the conditions of a license knowingly or otherwise - you may, based on the recent ruling in Jacobsen v. Katzer, 535 F.3d 1373 (Fed.Cir. 2008), be found to have infringed upon the programmer's copyright. Specifically, under the Jacobsen ruling, the court determined that because Katzer used Jacobsen's open source code in violation of the terms of Jacobsen's licensing conditions, Katzer could be compelled under U.S. Copyright Law as a willful infringer to (a) cease using the programmer's open source, (b) disclose the code Katzer further developed "to the world" and/or (c) pay monetary damages (which could be trebled if Katzer was found to have acted willfully).
Whether you use employees or outside consultants to develop software for your company, or if you purchase software from third parties, you must educate and discuss with your personnel and consultants the risks of using open source. Employees should be told that under no circumstances are they to use open source without prior approval. Further, for code that has already been developed, you should interview your internal staff to determine whether in fact open source materials have already been incorporated into current company systems and/or products.
When entering into agreements with consultants, those documents must include appropriate protections against their using open source material. Your lack of knowledge with respect to the use of open source is not, under current case law, a defense to a charge of infringement. Simply put, if you reaped the benefits of the open source material, you must abide by the conditions of its license. This is true regardless of whether you had actual knowledge of the use of the open source materials in your source code. If you violate the terms of the license, you may be liable for infringement and compelled to make your developments from such open source code available to others for free.
As you may know, third-party agreements in this area typically should include: 1) representations that (i) the consultant owns the code delivered, and (ii) the work product does not infringe upon a third party's rights; 2) a statement that the resulting product is a "work for hire;" 3) a representation that the consultant did not use any open source code; and 4) an indemnity from the consultant if any of the warranties proved to be false. However, even with this seemingly thorough language, your company is still not fully protected if in fact the program delivered by the consultant contained open source material. You can still be named in litigation brought by the owner of the open source material as a defendant and, unless your consultant has deep pockets, the indemnity you have is not likely to provide adequate protection for you. Even if the consultant carries insurance, it is unlikely that the policy provides coverage for copyright infringement claims.
Taking this risk one step further, if you were to sell your company and make a representation to your buyer that you own all right, title and interest (including all copyright) in and to your software - and/or have all necessary third-party licenses to use the same - you may have just unwittingly made a false representation. Were the programmer of the open source material to then come after your purchaser, your purchaser would most likely (depending upon the terms of your agreement) immediately turn to you and demand an indemnity of the claim.
To complete this potential exposure scenario, if the software in question is "mission critical" to your company, or is the software that gives your company its competitive edge, you might suddenly find yourself being compelled to share with your competitors the source code to the company's "crown jeweL" Furthermore, if you license your software and it is used by your customers in their products, then their products could potentially be subject to the terms of the open source license. Companies are increasingly becoming aware of this risk and are now seeking from software licensors significant representations, supported by indemnities, that their code does not contain any open source materials.
So, how do you know if you are at risk? There is software available that can audit your software to determine whether it contains open source material. If it does, it would behoove you to understand the terms of the license (if any) for that material and then develop a plan of action (whether you move proactively or reactively). Second, on a going-forward basis, you can require any third-party programmers to either (a) disclose, before the use in their development efforts on your behalf, any open source material they intend to incorporate, or (b) require the programmers NOT to use open source material at all. While these two alternatives cannot guarantee that the consultant will comply with these restrictions, it will certainly give the consultant pause before subjecting itself to a breach of contract claim (which might well fall under its general commercial liability insurance coverage).
For further information or suggestions as to how to minimize potential exposure in view of the Jacobsen ruling, please feel free to contact Michelle Schaap, Partner, Wolff & Samson PC, Phone: 973-530-2026 or via email at email@example.com. or Rhonda Carniol, Of Counsel, Phone: 973-530-2101 or via email at firstname.lastname@example.org.
This Client Alert should not be construed as legal advice or a legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own lawyer concerning your specific situation or any legal questions you may have.