New Tool Verifies Legality Of CodeNew Tool Verifies Legality Of Code

Open-source software, led by the Linux operating system and the Apache Web server, continues to grow in popularity, making its way from small departmental implementations to becoming deeply entrenched in business-IT environments. Although the uses and legalities of open-source software are fairly new to most companies, ignorance isn't likely to hold water as a defense when it comes to infringing on intellectual-property rights.

The prevalence of open-source software has led to new tools and services designed to help companies identify the lineage of the code they download for free from the Internet or acquire from another business through more traditional transactions.

Following up on the protexIP/ development software and service it introduced in May, Black Duck Software Inc. introduced protexIP/ license management. Where protexIP/development is designed to help developers identify instances of open-source software and any licensing conflicts, protexIP/license management is primarily targeted at lawyers and company legal teams. It lets attorneys identify any open-source licenses that affect their clients' code, or code their clients seek to acquire.

When executives consider acquiring a company or a company's assets, they want to be sure there aren't hidden legal land mines, says David Byer, a partner in the patent and intellectual-property practice group at Boston law firm Testa, Hurwitz & Thibeault LLP. "We've seen complete deals go off the table because the acquirer didn't want to take the risk," Byer says. Another scenario has been for a seller's assets to be devalued if there are questions about legal ownership of those assets.

The growing popularity of open source, which can be downloaded freely from the Web without going through company procurement channels, has increased the legal risks associated with software acquisition and use. To ensure that its legal team can help its clients mitigate this risk, Testa, Hurwitz & Thibeault is testing protexIP/ license management along with protexIP/development.

Lawyers use protexIP/license management software from their desktops to compare the code that their clients wish to acquire against Black Duck's database of more than 200 open-source licenses to see if the target code is covered by any of those licenses. Lawyers also can run source code through the Black Duck software to identify similarities between that source code and code contained in open-source applications, says Ira Heffan, a senior associate in Testa, Hurwitz & Thibeault's patent and intellectual-property practice group and a member of the firm's Open Source Task Force.

The task force consists of 15 lawyers across several of the law firm's practices who study open-source issues in the areas of software development, intellectual- property infringement, and intellectual-property due diligence in venture-capital financings, merger and acquisition transactions, and initial public offerings.

One of the more dangerous scenarios is for a company to introduce software covered by the General Public License into its de- velopment environment without realizing it might have to then make its code--some of it possibly proprietary--freely available to the open-source community, Heffan says.

Subscriptions to protexIP/license management start at $9,500 for two users. The license-management software and service must be used with Black Duck's protexIP/development, which starts at $12,500 for a five-user development subscription. ProtexIP/ license management uses the same databases that Black Duck makes available through its protexIP/ development service.