Transcription
Presenting a live 90-minute webinar with interactive Q&AOpen Source Due Diligence in M&A: OpenSource Software Identification, Tracking,Approval for Use, Risk AllocationTHURSDAY, AUGUST 30, 20181pm Eastern 12pm Central 11am Mountain 10am PacificToday’s faculty features:Heather Meeker, Partner, O’Melveny & Myers LLP, Menlo Park, Calif.The audio portion of the conference may be accessed via the telephone or by using your computer'sspeakers. Please refer to the instructions emailed to registrants for additional information. If youhave any questions, please contact Customer Service at 1-800-926-7926 ext. 1.
Tips for Optimal QualityFOR LIVE EVENT ONLYSound QualityIf you are listening via your computer speakers, please note that the qualityof your sound will vary depending on the speed and quality of your internetconnection.If the sound quality is not satisfactory, you may listen via the phone: dial1-866-258-2056 and enter your PIN when prompted. Otherwise, pleasesend us a chat or e-mail sound@straffordpub.com immediately so we can addressthe problem.If you dialed in and have any difficulties during the call, press *0 for assistance.Viewing QualityTo maximize your screen, press the F11 key on your keyboard. To exit full screen,press the F11 key again.2
Continuing Education CreditsFOR LIVE EVENT ONLYIn order for us to process your continuing education credit, you must confirm yourparticipation in this webinar by completing and submitting the AttendanceAffirmation/Evaluation after the webinar.A link to the Attendance Affirmation/Evaluation will be in the thank you emailthat you will receive immediately following the program.For additional information about continuing education, call us at 1-800-926-7926ext. 2.3
Program MaterialsFOR LIVE EVENT ONLYIf you have not printed the conference materials for this program, pleasecomplete the following steps: Click on the symbol next to “Conference Materials” in the middle of the lefthand column on your screen. Click on the tab labeled “Handouts” that appears, and there you will see aPDF of the slides for today's program. Double click on the PDF and a separate page will open. Print the slides by clicking on the printer icon.4
StraffordAugust 30, 2018Open Source Due Diligence in M&A: Prepping for the Technology M&A ExitHeather Meeker, O’Melveny & Myers
You are about toenter thecompliance zone6
Which answer will get you a better valuation?Please send us all your employee inventionassignment agreements. Answer 1: Here they are Answer 2: Huh?Explanations are OK. Blank looks are not.7
Do the dillybefore the dillydoes you.8
More professionalism higher valuation9
Why Does a Buyer “Due” Diligence? Avoid unexpected third party liability Confirm valuation of the deal For open source issues, diligence isparticularly important becuase indemnitiesdo not handle problems well, compared toother IP problems– Most IP problems are solved with money– Open source probably are usually solved withengineering or administrative work10
Process11
Open Source Diligence Process Always includes a self-disclosure May include a review of policies Often includes a “code scan”– e.g. Black Duck/Synopsys or Palamida/Flexera All code reviews find issues Scope of review is key12
Forensic Scan Process What kind of tools?– Audit tools (e.g. BD)– GREP tools (e.g. FOSSOLOGY) 13Scan is usually ordered/paid for by buyerScoping of scan is keySeller provides review packageBuyer reviews resultsSeller usually gets to see resultsBuyer asks for remediation or remedies
Representations14
A Representation in the Wild(obfuscated)Company’s use of and activities with respect to anyopen source software in connection with the Businessdo not and will not (i) require the licensing, disclosure ordistribution to any other person of any software orintellectual property owned by or licensed to Buyer or itslicensees or licensors (“Buyer Materials”) (ii) prohibit orlimit the receipt of consideration in connection with thelicensing, sublicensing or distribution of any BuyerMaterials to other persons, or (iii) allow any person todecompile, disassemble or reverse engineer any BuyerMaterials.15
Why this rep is a problem It tries to disallow copyleft, but is overbroad. It includes freeware, scripting code, standardexceptions for enforceability of reverseengineering prohibitions Based on a 1990s clause from Microsoft,and has become a Frankenstein. If you challenge this clause, the lawyers whopresented it probably cannot explain defendit16
A Better Approach Disclosure– Exhibit lists all Open Source Softwareincluded in the Company Products. Compliance– Company’s use and distribution of the CompanyProducts is compliant with all applicable OpenSource Software licenses. No materiality or knowledge qualifiers work here These work with standard reps regarding (a) noninfringement and (b) source code disclosureobligations.17
Common Issues18
Top Problems No information (complete abdication ofcompliance) No notices (particularly in mobile apps)– Web notices– Consider making source code available No source code offer Incomplete/incorrect source code No build instructions MySQL and similar problems Code with no licenses CC-SA (stack overflow)19
Top Non-Problems Use of unmodified LAMP stack components Development tools “Viral” effect20
Variations on the Theme Use of data sets in AI Use of map data (OSM, ODBL) Standards licensing21
Disclosures22
Reviewing the Disclosure Schedule Dual licensingambiguity:“GPL/LGPL” Missing licenseversions Includingproprietary code SPDXabbreviations -https://spdx.org/licenses/23
Remediation24
How Problems are Addressed in the Deal Pre/post closing covenantsPre-closing conditions -- unusualWork before signing -- very commonSpecial indemnities -- not so usefulDo nothing -- common in acquihires If you are seller, don’t jump the gun25
The 5 Rs 26RemoveReplaceReengineerRecodeRelicense
THANK YOU! For more informationor questions, contact:hmeeker@omm.com 510-463-1116 Free e-book: go towww.heathermeeker.comand follow the “UsefulLinks”27
Aug 30, 2018 · Open Source Diligence Process Always includes a self-disclosure May include a review of policies Often includes a “code scan” –e.g. Black Duck/Synopsys or Palamida/Flexera All code reviews find issues Scope of review is key 12
