Acquiring Rights To Third Party Commercial Software Don

Acquiring Rights To Third Party Commercial Software Don Mofford Daly, Crowley, Mofford & Durkee, LLP

Rules of Engagement v. The thoughts and opinions presented today are meant for educational purposes and not legal advise v. I encourage questions as we go along v. If I am speaking too quickly, call foul, and I will attempt to slow down v. During my Air Force career, I was known as that fast talking guy from New England. It was my legacy and how I was remembered. v. Although I am typically looking at these issues from Industry’s perspective, I attempted to stay neutral and provide the issues from both perspectives DALY, CROWLEY, MOFFORD &DURKEE

Commercial Software v. Most of the software that Do. D contractors produce is noncommercial software v. Commercial software often supplements a prime contractor’s deliverable noncommercial software - As a stand alone deliverable - Integrated into the deliverable noncommercial software v. Government may obtain license directly from the Supplier or as part of a license from the prime contractor v. FAR 27. 405 -3 – Certain terms for commercial software v. No standard terms nor applicable DFARs clause for commercial software DALY, CROWLEY, MOFFORD &DURKEE

Acquiring Rights to Third Party Commercial Software - Overview v. Under the FAR v. Under the DFAR v. Government Specific Requirements v. Standard Software Addendum v. FOSS related issues DALY, CROWLEY, MOFFORD &DURKEE

Under the FAR – GSA Guidance FAR 12. 212 -- Computer Software. (a) Commercial computer software or commercial computer software documentation shall be acquired under licenses customarily provided to the public to the extent such licenses are consistent with Federal law and otherwise satisfy the Government’s needs. Generally, offerors and contractors shall not be required to -(1) Furnish technical information related to commercial computer software or commercial computer software documentation that is not customarily provided to the public; or (2) Relinquish to, or otherwise provide, the Government rights to use, modify, reproduce, release, perform, display, or disclose commercial computer software or commercial computer software documentation except as mutually agreed to by the parties. (b) With regard to commercial computer software and commercial computer software documentation, the Government shall have only those rights specified in the license contained in any addendum to the contract. For additional guidance regarding the use and negotiation of license agreements for commercial computer software, see 27. 405 -3. DALY, CROWLEY, MOFFORD &DURKEE

Under the FAR – FAR 27. 405 -3 Guidance (a) When contracting other than from GSA's Multiple Award Schedule contracts for the acquisition of commercial computer software, no specific contract clause prescribed in this subpart need be used, but the contract shall specifically address the Government's rights to use, disclose, modify, distribute, and reproduce the software. Section 12. 212 sets forth the guidance for the acquisition of commercial computer software and states that commercial computer software or commercial computer software documentation shall be acquired under licenses customarily provided to the public to the extent the license is consistent with Federal law and otherwise satisfies the Government's needs. The clause at 52. 227 -19, Commercial Computer Software License, may be used when there is any confusion as to whether the Government's needs are satisfied or whether a customary commercial license is consistent with Federal law. Additional or lesser rights may be negotiated using the guidance concerning restricted rights as set forth in 27. 404 -2(d), or the clause at 52. 227 -19. If greater rights than the minimum rights identified in the clause at 52. 227 -19 are needed, or lesser rights are to be acquired, they shall be negotiated and set forth in the contract. This includes any additions to, or limitations on, the rights set forth in paragraph (b) of the clause at 52. 227 -19 when used. Examples of greater rights may be those necessary for networking purposes or use of the software from remote terminals communicating with a host computer where the software is located. If the computer software is to be acquired with unlimited rights, the contract shall also so state. In addition, the contract shall adequately describe the computer programs and/or databases, the media on which it is recorded, and all the necessary documentation. (b) If the contract incorporates, makes reference to, or uses a vendor's standard commercial lease, license, or purchase agreement, the contracting officer shall ensure that the agreement is consistent with paragraph (a)(1) of this subsection. The contracting officer should exercise caution in accepting a vendor's terms and conditions, since they may be directed to commercial sales and may not be appropriate for Government contracts. Any inconsistencies in a vendor's standard commercial agreement shall be addressed in the contract and the contract terms shall take precedence over the vendor's standard commercial agreement. If the clause at 52. 227 -19 is used, inconsistencies in the vendor's standard commercial agreement regarding the Government's right to use, reproduce or disclose the computer software reconciled by that clause. (c) If a prime contractor under a contract containing the clause at 52. 227 -14, Rights in Data--General, with paragraph (g)(4) (Alternate III) in the clause, acquires restricted computer software from a subcontractor (at any tier) as a separate acquisition for delivery to or for use on behalf of the Government, the contracting officer may approve any additions to, or limitations on the restricted rights in the Restricted Rights Notice of paragraph (g)(4) in a collateral agreement incorporated in and made part of the contract. DALY, CROWLEY, MOFFORD &DURKEE

Under the FAR v. Guidance For GSA contracts – FAR Part 12. 212 v. Guidance For other than GSA contracts – FAR 27. 405 -3 v. See FAR Clause 52. 227 -19 – Commercial Computer Software License (Dec 2007) Sets out certain rights to the government. DALY, CROWLEY, MOFFORD &DURKEE

Under the DFAR – 227. 7201 Guidance (a) Commercial computer software or commercial computer software documentation shall be acquired under the licenses customarily provided to the public unless such licenses are inconsistent with Federal procurement law or do not otherwise satisfy user needs. (b) Commercial computer software and commercial computer software documentation shall be obtained competitively, to the maximum extent practicable, using firm-fixed-price contracts or firm-fixed-priced orders under available pricing schedules. (c) Offerors and contractors shall not be required to— (1) Furnish technical information related to commercial computer software or commercial computer software documentation that is not customarily provided to the public except for information documenting the specific modifications made at Government expense to such software or documentation to meet the requirements of a Government solicitation; or (2) Relinquish to, or otherwise provide, the Government rights to use, modify, reproduce, release, perform, display, or disclose commercial computer software or commercial computer software documentation except for a transfer of rights mutually agreed upon. Vendor EULAs are often used with Addendum to meet contract requirements DALY, CROWLEY, MOFFORD &DURKEE

Under the DFAR - Guidance 227. 7202 -3 Rights in commercial computer software or commercial computer software documentation. (a) The Government shall have only the rights specified in the license under which the commercial computer software or commercial computer software documentation was obtained. (b) If the Government has a need for rights not conveyed under the license customarily provided to the public, the Government must negotiate with the contractor to determine if there acceptable terms for transferring such rights. The specific rights granted to the Government shall be enumerated in the contract license agreement or an addendum thereto. v. Prime contractor must negotiate with a commercial software vendor to get the necessary rights to meet the requirements of the contract DALY, CROWLEY, MOFFORD &DURKEE

Government Specific Requirements v. Issues that keep Government IP Lawyers up at night - As a precaution against potential conflict post contract, scurb or remove the following vendor Ts and Cs. • Termination clauses should not violate Federal Acquisition Regulation (FAR) clause 52. 212 -4 • Controlling law and jurisdiction shall reflect that federal law will apply to the government contract and therefore federal courts will have jurisdiction on disputes. • Severability clauses should not violate FAR 52. 212 -4(1) • Remove references to taxes - they do not apply to the federal government • Remove statements pertaining to automatic yearly renewals • Remove statements pertaining to advance payment for services • Remove statements pertaining to fees owed to the vendor as this would create a potential violation to the Anti-Deficiency Act • Audit clauses may not contain language that state the government will pay for the audit • Audit clauses will be self audit clauses and not allow access to a government network without prior consent and cleared individuals. DALY, CROWLEY, MOFFORD &DURKEE

Government Specific Requirements v. Issues that keep Government IP Lawyers up at night - As a precaution against potential conflict post contract, scurb or remove the following vendor Ts and Cs (con’t). • Audit reports will not occur more than once per year. • Assignment Clause (See FAR 42. 12) cannot be counter to the anti-assignment provisions in the FAR. As FAR 41. 1204 notes, 41 U. S. C. 15 prohibits transfer of Government contracts from the contractor to a third party. We may recognize a “successor in interest, : ” but a mere transfer of the contract is not authorized and we cannot allow for this unless under the terms of 42. 12. • Any restriction that the software license may only be used on a specific namebrand hardware make/model needs to be identified to the customer. • Any vague terms such as “internal use” need to be clearly defined DALY, CROWLEY, MOFFORD &DURKEE

Government Specific Requirements v. So how does the Government ensure it is getting the rights its needs to meet program requirements and conform to the law? � Adding requirements in the RFP DALY, CROWLEY, MOFFORD &DURKEE

Government Specific Requirements - Example Rights in third party Commercial-Off-the-Shelf (COTS) Licenses List The Offeror shall attach to its offer a list, entitled "Commercial-Off-the. Shelf (COTS) Licenses - Identification and Licensing" (the COTS List), providing information concerning all COTS licenses for which it intends to pay license fees and the amount of the fees in order to perform under the contract. The Offeror shall submit the COTS List as an attachment to its offer, dated and signed by an official authorized to contractually obligate the Offeror. If there is no information to be included in the COTS List, the Offeror shall submit the list and enter "None" as the body of the list. - Providing a list so it can be vetted DALY, CROWLEY, MOFFORD &DURKEE

Government Specific Requirements - Example b. Rights in Commercial TD, Commercial CS, and Commercial CSD. (i) The Offeror shall include in its offer a list, entitled “Commercial Technical Data, Commercial Computer Software, and Commercial Computer Software Documentation–Government Use Restrictions” (the Commercial Restrictions List), that provides the following information regarding all commercial TD, CS, and CSD that the Offeror (including its subcontractors or suppliers, or potential subcontractors or suppliers, at any tier) intends to deliver with other than unlimited rights: (1) identification of the data or software; (2) basis for asserting restrictions; (3) asserted rights category; and (4) name of the person asserting restrictions. For any item designated as NDI, the Offeror is requested to provide details of the Agency and level therein that paid for development and the contract number(s) and dates wherein payments were received. For each entry in the list citing an asserted rights category other than the standard license rights applicable to commercial TD as set forth in the DFARS 252. 227 -7015 (MAR 2011) clause, the Offeror shall provide a complete description of the asserted rights (e. g. , a specially negotiated license, or the license customarily offered to the public); this information may be provided by referencing any proposed non-standard or commercial license agreement that is included in the list. The Offeror shall submit the Commercial Restrictions List with its offer, dated and signed by an official authorized to contractually obligate the Offeror. If there is no information to be included in the Commercial Restrictions List, the Offeror shall submit the list and enter "None" as the body of the list. If the Offeror is awarded a contract, the Commercial Restrictions List shall be attached to the contract (Format to be used provided in Attachment J-4). Providing a list so it can be vetted DALY, CROWLEY, MOFFORD &DURKEE

Government Specific Requirements - Example Technical Data and Computer Software of Subcontractors and Suppliers. In accordance with the definition of Depot Level Maintenance (paragraph a. 1) Seller's obligations under this clause shall apply to all technical data and computer software, including all technical data or computer software developed, delivered, or otherwise provided by subcontractors or suppliers at any tier, and regardless of whether the computer software or technical data is or relates to commercial items or noncommercial items. Seller shall include these requirements in its subcontracts or other contractual or legal instruments with its subcontractors or suppliers at any tier. Seller shall provide Attachments F 1, “OMIT Identification and Assertion of Restrictions on the Government's Use, Release, or Disclosure of Technical Data and Computer Software, ” and F 2, “Non-OMIT Identification and Assertion of Restrictions on the Government's Use, Release, or Disclosure of Technical Data and Computer Software, ” in accordance with the clause set forth herein entitled “Identification and Assertion of Restrictions on Technical Data and Computer Software. ” Seller shall also include proposed license terms in Attachments F 1 and F 2, for any commercial or non -commercial technical data and computer software for which Seller proposes specially negotiated license terms. (Copies of Attachments F 1 and F 2 are available in the Description column for FA 8625 -11 -C-6600 in the index for Customer Contract Requirements. ) Providing a more detailed list so it can be vetted DALY, CROWLEY, MOFFORD &DURKEE

Government Specific Requirements - Example ESC-H 004 SOFTWARE LICENSE AGREEMENT INFORMATION (APR 2010) In accordance with DFARS 227. 70, DFARS 227. 71, DFARS 227. 72, the offeror shall provide the license agreement information for all commercial software licenses to be obtained on behalf of or transferred to the US Government under this contract. In addition to the licensing clauses under DFARS 227. 72, the following terms and conditions shall apply for any and all third party commercial off-the-shelf (COTS) software obtained by the Contractor and intended to be transferred to the US Government during performance of the present Government contract (Contract No. __TBD_______). The Government will not accept or execute a DD Form 250 for the software deliverables under the present contract until the Contractor obtains agreement to the terms contained in paragraphs 1 -10 from any and all third part commercial-off-the-shelf (COTS) software suppliers and/or vendors for which the Contractor has licensed software for incorporation into deliverables to the Government: 1. Any license shall be perpetual in nature and may not be unilaterally terminated by the Licensor. The Licensor may, however, seek other remedies at law. 2. The Licensee shall not be restricted from copying or embedding elements of accessible code into other applications (e. g. , nesting code, derivative works). 3. The Licensor shall not include any indemnification clauses. 4. The Licensor shall not use the fact that the Licensee is using the Licensor's products in any notification to the public (e. g. , no publicity rights permitted). 5. The Licensee is a Federal entity governed by Federal Statutes, Case Law, and Federal Regulations. Therefore, the Licensor shall remove any references to binding the Licensee through any laws of any municipality, state, or foreign country. 6. The Licensor shall not include any clauses indicating a right to enter the premise of Licensee for the purpose of auditing the use of any license, as the Licensee cannot allow an auditor physical access to the Licensee's facility due to security concerns. The Licensor may submit to the Licensee written notice indicating a substantiated belief that the Licensee is not using the software within the terms described in the license and the Licensee may consider conducting its own internal audit and providing a certified statement of its findings to the Licensor. 7. The Licensor shall not use any integration clauses. 8. The Licensor shall not use any injunctive relief clauses as the Licensor cannot prevent the Licensee from performing mission operations. The Licensor may seek other remedies at law (e. g. , monetary damages). 9. The Licensor shall include the following clause (and no other) for disputes: "Since the Licensee is a Government entity, any dispute arising from or in connection with this agreement shall be subject to resolution by the Disputes Clause included in the basic contract and/or the Government may also consider resolving any disputes using an appropriate Alternate Dispute Resolution (ADR) remedy. " 10. Add the clause described below to all third party COTS software licenses intended to be transferred to the Government: The Government agrees to the provisions of the present Software License, as set forth above, to the extent that the provisions of the Software License are consistent with Federal procurement law(s) and satisfies the Government's needs, as prescribed at least by the Department of Defense Federal Acquisition Regulation Supplement (DFARS) section 227. 7202 -1. In the event that any of the provisions of the present Software License are determined to be inconsistent with Federal procurement law(s) and/or do not otherwise satisfy the Government's needs, the parties to the present Software License hereby agree that such provisions shall be null and void. " 11. Alternatively, if the Licensor will not agree to the terms and conditions cited herein and/or as contained in DFARS 227. 72, the Offeror shall retain the current license on behalf of the US Government. The Offeror shall provide a list of all software deliverables that comply with the terms and conditions cited herein and/or as contained in DFARS 227. 72 and a list of all software deliverables that do not comply with the terms and conditions cited herein and/or as contained in DFARS 227. 72. (End of Clause) Did we go too far? DALY, CROWLEY, MOFFORD &DURKEE

Government Specific Requirement – Industry Response LANGUAGE TO INCLUDE IN YOUR CONTRACTS I. Customer acknowledges that the Deliveries include certain software, owned by third parties (“Third Party Software”), and that the use of such Third Party Software in or with the Deliverables s governed by license agreements between the Third Party and Prime. Customer agrees that it obtains no greater rights in the Third Party Software than such third parties have provided in license agreements with Prime and in the case of commercially available software, customer, it the end user, agrees that the Third Party’s standard end-user software license shall apply. II. In any case as to Third Party software Customer agrees as follows: A. Customer shall have only a non-exclusive license to use Third Party Software in connection with the Deliverables; B. Title to the Third Party Software shall not pass to Customer; C. Customer shall not reverse engineer, disassemble or decompile the Third Party Software, and shall not take any actions to obtain the source code; D. Customer shall not duplicate the Third Party Software, except for backup or archival purposes; …. . . DALY, CROWLEY, MOFFORD &DURKEE

Standard Software Addendum v. Create a software addendum to address the issues associated with commercial software licenses used in Government contracting to use with your software vendors If the Software and/or deliverables are being supplied in connection with or pursuant to a contract with the U. S. Government or a subcontract thereunder, no provision of the Agreement (as hereby amended) shall apply with respect to the U. S. Government insofar as such provision conflicts with applicable U. S. Federal Law, Federal Procurement Regulations, or applicable published procurement policies and practices of the relevant U. S. Government agency, including by way of example: (i) Provisions which conflict with 31 USC 1341 and 41 USC 11 (Anti-Deficiency Laws). (ii) Provisions which conflict with 28 USC 516 (DOJ Jurisdictional Statute). (iii) Provisions providing for payment of interest on late payments which are not in accordance with 31 USC 3901 et seq. (Prompt Payment Act) and 5 CFR 1315. (iv) Provisions requiring payment of attorneys' fee by the U. S. Government except as provided in 5 USC 504 (Equal Access To Justice Act). (v) Provisions which, directly or indirectly, make the U. S. Government responsible for federal, state, or local taxes. (vi) Provisions which obligate the U. S. Government to be bound by terms imposed by third party suppliers where such terms are not expressly set forth in the Agreement. (vii) Governing law or dispute resolution provisions which conflict with applicable United States Federal law or provisions which make the United Sates Government subject to equitable remedies. (viii) Provisions which provide for unilateral termination or modification of the Government's rights or which are inconsistent with FAR 52. 233 -1, FAR 12. 302(b), FAR 1. 601(a), or FAR 43. 102. (ix) Provisions which are inconsistent with 5 USC 552 (Freedom of Information Act). DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues – Discussion Outline � What is Free and Open Source Software (FOSS)? � Motivations for using FOSS ◦ Benefits ◦ Risks � Common FOSS licenses // critical distinctions � Guidelines on the selection of FOSS DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues – What is FOSS? � Common perception ◦ “FOSS is free software that I can use as I wish!” � Reality ◦ FOSS is commercial software with (often confusing) license obligations that must be carefully followed to avoid the risks of customer contract violations, loss of company exclusivity to non-FOSS code, patent infringement and copyright infringement. � Take away ◦ The use of FOSS is often highly desirable, but ◦ Company must assess project risks associated with the use of FOSS and follow the specific license terms associated with a particular FOSS product. ◦ Any use of FOSS should require approval following an approval process adopted by the company. DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - Proprietary Software vs. FOSS � “Proprietary” model ◦ Publisher licenses and distributes only (non-modifiable) binary executables ◦ Software is subject to a highly restrictive copyright (e. g. no redistribution) ◦ Familiar examples: Windows 8, Quicken, Turbo Tax � “Freeware” model ◦ Proprietary software, available free of charge, for an unlimited time, but �Source code is typically is not available �Subject to a restrictive copyright (e. g. no redistribution or modification) ◦ Familiar examples: Adobe Reader, Skype, Visio Viewer � Free and Open Source Software (FOSS) ◦ Zero cost; available as source code; openly shared ◦ Synonyms for FOSS include: “Open Source Software", "Software Libre", and "FLOSS" (Free/Libre/Open-Source Software). ◦ Familiar examples: Apache HTTP Server, My. SQL, Open Office DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - Benefits � Zero licensing cost: savings can be passed for competitive pricing � Faster development time: leverage pre-built building blocks � (Generally) high quality: many projects are supported and improved by hundreds of developers world-wide. ◦ Pre-stressed ◦ (Generally) low rate of malware � Simple to acquire: downloadable after approval; typically no negotiation of terms or price � The Government is asking for it! DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - Do. D � 1/2003: MITRE Corporation study identified 115 FOSS applications then in use at the Do. D: ◦ “…FOSS…[is] useful for Do. D applications…for which slow, low-security external update processes are neither practical nor advisable…[and] where rapid, open, and communitywide sharing of software components is desirable. ” � 4/2003: Admiral John Stenbit’s “level playing field” memo: ◦ “Do. D Components acquiring, using, or developing OSS must ensure that the OSS complies with the same Do. D policies that govern COTS software. ” � 5/2007: DOD Open Technology Development roadmap: ◦ “OSS and open source development methodologies are important to the National Security and National Interest of the U. S…” � 6/2007: CIO, US Department of the Navy (DON) memo “Department of the Navy Open Source Software Guidance”: ◦ “The DON Chief Information Officer (CIO) recognizes the importance of OSS to the warfighter and the need to leverage its benefits throughout the DON…” � 10/2009: DOD CIO Memo “Clarifying Guidance Regarding OSS ◦ “Department of Defense must develop and update its software-based capabilities faster than ever …. The use of Open Source Software (OSS) can provide advantages in this regard. ” DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - Risks � Most issues associated with commercial software also apply to FOSS. ◦ Software capability, performance and quality, license terms and compliance… � However, FOSS licenses often raise many unique issues not found with COTS. 1. Viral license terms apply to original FOSS code and all “modifications”. � Mere combination with other code (e. g. , compiling together or static linking) can be a “modification”. � Distribution of modified code must be under the same license terms as the original work. � Rights of the license automatically pass through to all distributees. 2. Can’t charge for use (but OK to charge for maintenance and support) 3. Source code must be provided or made available. � Derivative works and other modifications must be permitted, and usage cannot be denied to any person, group, or field of endeavor. 4. Inconsistent terms and additional restrictions on use are prohibited 5. Traditional software maintenance and support is often not available DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - GPL � How does this apply to us? ◦ If Company links GPL code to a deliverable, Company must provide the source code to that deliverable and give all downstream recipients the right to freely use, reproduce, modify and redistribute that source code. ◦ Company loses the right to proprietarily license its own software, or to receive downstream royalties from or notice of its redistribution. ◦ The Free Software Foundation can “do” this because GPL code is copyrighted software and it’s the GPL that gives Raytheon the required legal right to copy and distribute that software. � The GPL does not apply to “additions” that contain no portion of the licensed code and that are distributed as independent modules or files on the same or different media. DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - LGPL � The “Library” License. ◦ Examples include JBOSS Hibernate, jgrapht. � Authorizes the use, reproduction, modification and free distribution of the licensed libraries and modifications to those libraries. � Distribution of the licensed libraries and those modifications is subject to GPL equivalent terms. � Also allows use of the Licensed Libraries with proprietary application programs. ◦ Distribution of source code not required. ◦ May distribute under a proprietary licensing agreement. �License for profit. �Restrict further distribution, use, etc. DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues – Apache 1. 1 and 2. 0 Variant of the BSD License. Authorizes the use, modification and distribution of licensed code in either binary or source code form. � Terms: � � ◦ All distributions must reproduce the original copyright notices and licensing terms. ◦ May not use the names “Apache” and “Apache Software” to endorse products derived from the software without written permission. ◦ Products derived from the software may not be called or named “Apache. ” ◦ Standard limitation of warranties. � Benefits: ◦ Distribution of source code is permitted but not required for derived works. ◦ Licensing terms attach only to the original code. ◦ Derived works may be proprietarily licensed. � Example includes Android SDK. DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - Do. D Community Source Usage Agreement � Authorizes the use, modification and distribution of licensed code in either binary or source code form to the Do. D Community. � Do. D Community means all employees of the Do. D Components, other US Government Agencies as well as contractors that are supporting U. S. government purposes. � Prohibited from copying or distributing the software for any purpose other than Official US Government Purposes. � Other Terms: ◦ All distributions must reproduce the licensing terms and notices. ◦ Standard disclaimer of warranties. Applicable to certain software from https: //software. forge. mil DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - Summary of Licenses � General Public License ◦ Programs containing any portion of GPL licensed code must be licensed, and their source code redistributed, under the GPL. � Lesser General Public License ◦ Modifications to actual text files must be licensed, and their source code redistributed under LGPL, but may be linked to proprietary software if complete object code is provided and reverse engineering authorized. � Berkeley Software Distribution License ◦ Modifications and greater works may be copied and distributed under proprietary licenses. DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues – Intended Use Matters � Understand restrictions applying to your intended use of the software! Will you modify or distribute the code? Or just use it as is? � Key distinctions exist WRT distribution or modification. For example: ◦ Under GPL, distribution within Company is not considered a “distribution”. ◦ However, if GPL software is embedded in a product sold by Company, the entire product may become governed by GPL, forcing you to deliver all of the source code for your product! ◦ If you must use GPL software with Company developed software, careful planning and analysis is needed to prevent sacrificing your proprietary software rights. ◦ Most Freeware license agreements do not allow for redistribution, or require an additional redistribution license agreement. � � Information Assurance (IA) vulnerabilities must also be considered Do not download or accept any license terms without getting Company approval first, even if just for evaluation. DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - Summary � Open Source Software is not a panacea but may be a useful tool in your toolbox to insure competitiveness. � As with Commercial Software …. . ◦ Once approved, you are able to use FOSS as long as you are compliant with the licenses. ◦ Remember that zero-cost ≠ unrestricted rights. ◦ ALL software licenses have usage restrictions. ◦ Externally distributed software will ALWAYS require extra scrutiny to ensure license compliance. � Company should have a policy to provide direction to obtain approval for the use of FOSS before using FOSS to ensure proper compliance with customer contracts and United States Government regulations. DALY, CROWLEY, MOFFORD &DURKEE

FOSS Related Issues - Summary v. Do. D is now starting to do open source scans to ensure the code is compliant with the various open source licenses and when identifying potential violations, raising the issue with the contractor to determine if a violation has occurred. v. Be vigilent to ensure you comply with the various licenses DALY, CROWLEY, MOFFORD &DURKEE

Questions? Don Mofford Daly, Crowley, Mofford & Durkee, LLP