Software Distribution
Object Code vs. Source Code
■ It is important to distribute software only in object code form.
■ If object code distribution is not possible, the company should consider:
- Utilizing a source code obfuscator (i.e., scramble the symbols, code, and data of a software, rendering it impossible to reverse-engineer, while preserving the application’s functionality).
■ Embedding a “signature” that can be easily traced in the code (e.g., inserting a nonfunctioning block of code into functions or portions of the code that can later be used to verify whether portions of the code were copied, replacing a commonly used value (e.g., “0”) with a symbol, number, or short text string).
Language for License Agreements
■ An appropriate End-User License Agreement (EULA) should be included with the software and requires acceptance prior to installation or use of the software. Any licensing arrangements should be in writing and should set out the terms and conditions on which the IP may be used.
■ In terms of limiting liability, ensure that misappropriation of IP by the customer is excluded from any damage cap or other limitation of liability clause. Breach of the license to the software should result not only in a breach of contract, but should also constitute an infringement of IP rights.
■ License agreements should clearly and narrowly describe the specific uses the licensee can make of the software, including whether the software is subject to limitations such as specific hardware, locations, or servers on which it can be operated.
■ For software embedded in hardware, the licensee should not be permitted to sell or otherwise transfer the hardware without the transferee’s agreement to be bound by the license agreement.
■ Tire license agreement should include express prohibitions against reverse engineering, decompiling, or otherwise acting to discover the source code and trade secrets of the design.
■ Documentation accompanying the product frequently contains trade secret and other proprietary information. Its disclosure should be subject to a nondisclosure agreement (NDA) or other confidentiality obligations.
■ In addition to a copyright notice, documentation should include a statement that the material is confidential, constitutes trade secrets of the licensor, and is provided solely in support of the licensee’s use of the product.
Nondisclosure Agreements
■ Initial discussions with potential licensees and provision of product documentation can be conducted under a standard NDA. Once any code is delivered, however, a license should be required.
■ Confidentiality obligations with respect to trade secrets should be perpetual. NDAs and other confidentiality obligations frequently have time limits for their protections. While this may be appropriate for most confidential information, the presence of these limitations could result in waiver of trade secret protection. These provisions should be revised to ensure trade secrets will be protected as long as they are protected under applicable trade secret law.
Audit Rights
■ Tire company should always try to include audit rights to ensure proper use of the software, although many companies will refuse to grant such rights or attempt to greatly limit the frequency and scope of them. Use a third-party auditor who specializes in conducting compliance audits and determines its fees solely as a function of instances it uncovers in which the licensee has used the company’s product in violation of the license agreement (e.g., the auditor receives a percentage of revenue generated by the excess use, but no other compensation).
■ In addition to audit rights, the company should require that, on a periodic basis, an officer of the licensee certifies in writing that all use of the company’s product is in compliance with the terms of the agreement. In particular, the certification should identify all installations and uses of the software. Copies of the certifications should be retained until at least five years after expiration of the license agreement.
Foreign Jurisdictions
■ Distribution in foreign jurisdictions should be done with care to ensure the relevant locations respect IP rights.
■ Some technologies included in products, including those in software, hardware, or firmware, may be subject to certain restrictions and requirements under the export control laws of the United States and possible import restrictions in other countries. Hie company should always include an obligation that the licensee will comply with all such requirements and restrictions. Be aware that access to such technology in the United States by foreign nationals may constitute a “deemed export.”
Source Code Licenses
Escrow the Source Code
■ Providing licensees with access to source code is strongly discouraged. If a licensee insists on access, the initial response should be to, at most, escrow the source code with an approved escrow agent. The release conditions from the escrow should be limited to voluntary bankruptcy, the company’s decision to cease support of the entire product line, and other appropriate narrow conditions.
Language for Source Code License Agreements
■ If source code is to be licensed, it must be done under a specifically drafted source code license agreement that, among other things, does the following:
- - Prohibits the licensee from installing the source code on any networked computer (whether an internal or external network).
- - Requires the licensee to keep physical copies of the source code in a locked safe when not in use.
- - Prohibits copying the source code onto any form of removable media (e.g., USB fobs, CDs, DVDs, removable drives).
- - Strictly limits the licensee personnel who can access the source code.
- - Prohibits access to the source code by any third-party contractor without the company’s express written authorization. At minimum, competitors should be precluded from ever accessing the source code.
- - Requires retention of complete and accurate logs of all access to and use of the source code.
- - Strictly precludes the licensee from using any open-source software in connection with the source code.
- - Requires the licensee to indemnify the company from any and all infringement claims that may arise from their revisions to the source code.
- - Makes clear that any warranties, indemnities, and support obligations are applicable only to the unmodified version of the software. Once a licensee modifies the source code, the obligation will no longer apply.
- - Prevents the licensee from applying for or obtaining any IP rights in any derivative works.
- - Includes express contractual provisions preventing the licensee from ever enforcing any rights it may have in the derivative works against the company or its customers.
- - Includes a broad, irrevocable license from the licensee to the company for all derivative works. An outright assignment of IP rights would be preferred.
- - Requires licensee to follow specific information security measures in handling and using the source code.
- - Includes the company’s right to audit the licensee’s use of the source code, including the use of third-party auditors.
- - Clearly and narrowly defines the licensee’s uses of the source code.
- - States that all licensee personnel coming in contact with the source code must be bound by strict confidentiality agreements.
- - States that licensees should be strictly limited in the jurisdictions in which the source code may be used. As noted above, some jurisdictions do not respect or protect IP. In addition to physical transfer of the software to other jurisdictions, the license should also limit remote access to the software in those jurisdictions (e.g., the software is located in the United States, but accessed in Russia).
Summary
The dynamic environment of technology development warrants genuine caution on behalf of companies participating in this space. In many cases, a company’s IP can be among its most valuable assets. Anticipating the potential risks associated with IP can prevent a host of issues from arising after the opportunity to protect IP has passed.
