Open source software (OSS) has emerged as a significant market disruptor in recent years. OSS serves as an alternative to commercial software licensing wherein the licensee does not need to pay for the license. This tends to make it particularly attractive to start-ups attempting to keep their costs down. However, the free use of the OSS comes with some additional considerations which need to be managed before an acquirer purchases a company making extensive use of OSS.

Some analysts have noted that, in the acquisition context, OSS can present a number of challenges, including security risks and compliance. Compliance obligations can arise through the licenses of use for the OSS and understanding the nature of these risks going into a transaction can ensure a smoother transition. A possible method for of doing so may require the acquirer asking the target to manage any compliance issues beforehand, while another suggests that the acquirer devise strategies for addressing compliance issues once the transaction is complete.[1] Ideally, a target company will exercise best practices for tracking where OSS is used in its products. However, there may be undisclosed uses of OSS which an acquirer will need to be aware prior to undertaking a purchase. Otherwise, undisclosed uses of OSS can potentially result in costly liabilities and obligations.

Another method for managing the risks of OSS involves the use of an open source audit, which is a process by which the product’s code is mapped against third party code to determine the origin of certain aspects of the software. Importantly, this process can reveal which parts of the OSS are an original, proprietary development. The use of an audit gives the acquirer a relational map of which obligation arise as a result of any OSS integrations. These can assist in catching instances where OSS was used in a product, but the developer failed to track. The acquirer can further use an open source audit to determine a realistic value of the target’s software developments and plan for any roadblocks on the path to commercial distribution of the software.

Technical audits are an essential feature of any acquisition and can give the acquirer an understanding of the obligations that come with the integration of the OSS into the target’s systems.

[1] See: Ibrahim Haddad, Open Source Audits in Merger and Acquisition Transactions: The Basics You Must Know (The Linux Foundation, 2018).

The author would like to thank Tom Sutherland, summer student, for his assistance in preparing this legal update.

Stay informed on M&A developments and subscribe to our blog today.