Slashdot Mirror

← Back to Stories (view on slashdot.org)

Protecting Your Code While Allowing Source Access?

Posted by Cliff on from the open-source-doesn't-necessarily-mean-free dept.

foo_48120 asks: "My small development shop, myself and four employees, is taking on a fairly large job that will run a substantial part of the clients business. To protect themselves they want the source code to the project. Frankly I don't blame them. We bid aggressively to get them to underwrite our own efforts to build this code, which we plan to resell again and again. That is the basis for our company. I have no problem with them holding the source but need to make it clear that we own the code and that they have a license to use it in their business. They may at their discretion hire others to modify the code, but would still be required to pay their maintenance contract and be prohibited from reselling it or using it to run an additional business. How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"

Of course third party developers may break things and we would not be responsible for that or for fixing it without further renumeration.

Ideally, if we make them happy then we will do all future upgrades and add on modules as well. I am not worried about that. I do want to know if anyone has experience in the writing of such a licensing agreement? Perhaps they could provide me with a sample copy of their text?

Let's leave aside for now the issue of totally open source vs. closed source. There are times when you want the product to be proprietary as we do, however I want them to feel comfortable using our code so that if a proverbial plane were to fly into our building and wipe us all out then they don't go down the tubes with us."

21 of 533 comments (clear)

  1. Signed contract... good lawyer. by Jerry · · Score: 5, Informative

    I ran my consulting business under the same premis for 15 years. The contract they signed with me included, among other features, their right to the source code with the restriction that they could not use it as the basis for competition against me. Terms included where a conflict could be ajudicated, the amount of damages, etc...

    --

    Running with Linux for over 20 years!

  2. Escrow by gengee · · Score: 2, Informative

    We have a similar situation where I work - We've handled it by putting the code in the hands of a third-party escrow service. If we disappear, they get the code. Otherwise, they don't get to look at it.

    --
    - James
  3. Contractual Clauses by il_diablo · · Score: 5, Informative

    Look into a Exclusive Use rights clause in your contract. There's nothing saying that you can't agree to let them use the software and have a copy of the source as a deliverable. However, you can limit their ability to resell/reuse the component.

    Additionally, create an Intellectual Property clause in the contract spelling out specific ownership rights/responsibilities.



    Insert IANAL comment here.

    --
    Quidquid latine dictum sit, altum sonatur.
  4. Outstanding service and support by SmoothOperator · · Score: 4, Informative

    If you offer them outstanding service and support throughout the time they use your product, they will come back over and over again to you. They will want you, and only you to maintain the code, as well as to provide upgrades. If you start jacking them up, have poor business relations with them, they will look for alternatives, and they will take your code, no matter how many clauses you place in your EULA.

    --

    Veni, vidi, vici.

  5. My company by RudeDude · · Score: 5, Informative
    My company (I'm a founder and co-president) has dealt with this type of things many times. The bottom line has been we put a license and ownership statement in the contract.

    There are two basic ways (as we see it) to do this. Keep ownership and grant a license that has a specific list of allowed uses or just the reverse where you give them ownership but retain specific license for yourselves.

    You can usually make it work as you need it with either party having ownership, since ownership just means they have final say, can change the license, and get any non-specified (default) rights.

    Keeping in mind this is only one small part of the whole contract and I don't promise this is safe or useful for you as it is... here is a paragraph right out of our standard contracts:

    (b)Grant of License. Steem hereby grants to Client, upon the terms and conditions set forth in this Agreement, a non-transferable, non-fee bearing, single use, worldwide right and license, without the right to sublicense, for software developed by Steem for use with the Web Site. Any artwork, graphics, or designs created to Client specifications for use in the Web Site become property of the Client upon the Web Site Launch. However, Steem retains the right to display any created artwork, graphics, or designs as part of Steem's portfolio of design work. Steem retains sole rights and ownership of all interactive code. The provisions of this Section 7 will survive indefinitely regardless of the completion or termination of this Agreement.

    --
    RudeDude
    Perl/Linux/PHP hacker
    1. Re:My company by jmcharry · · Score: 3, Informative

      Having been on the other side of a number of these, that is a good start. We usually wanted the right to make and use as many copies as we wanted inside the company, and the rights to read and modify the source. Sometimes we granted an unlimited license to the modifications back to the original vendor if they wanted to add them to the maintenance bundle. Starting with something like this boilerplate and keeping an open mind to modifications from both sides can produce a fairly detailed list of rights, but one that avoids any disputes in the future. Sometimes, if the vendor doesn't want to cough up the source code, there is an agreement to put a copy in escrow with a third party in case the vendor goes casters up. I can recall once when we did this. Turns out the working level people on both sides just shared the source anyway, which wasn't a problem.

  6. Re:I would make two version of the tree by isomeme · · Score: 3, Informative

    The parent is modded as "Funny", but this is a real strategy, called "source shrouding". Doing a thorough job of it is nontrivial, because it requires a full language parser to morph everything correctly. But the result can be e.g. program source with no comments, no unneeded whitespace (including newlines), and all identifiers replaced with x00001, x00002, etc. It's not a guarantee against someone managing to modify it, but it sure raises the barrier.

    That said, the other posters on this thread are quite correct in saying that the "right" approach is to craft a contract that specifies how your code may be used.

    --
    When all you have is a hammer, everything looks like a skull.
  7. Yes you can do this and it works by MadHungarian · · Score: 2, Informative

    I assume you are not asking how to do this, for that you need a lawyer, but asking if it is doable. The company I work for develops custom software and provides source licences.

    In one case, client has the source, but the company owns the rights and if the client modifies it, all warranties are void.

    In another case the client has the rights to use the code, but pays a license fee for each instance. Yes, you can have your cake and eat it too.

  8. Escrow contracts are voided by bankruptcy by Bruce+Perens · · Score: 5, Informative
    Your customer is smart.

    Conventional escrow doesn't work when customer needs it - when your company fails. A bankruptcy judge will review your company's assets, and may find that the source code is the only marketable asset, and must be preserved for your debtors. Judges have voided escrow contracts in order to maintain the remaining value of the company.

    Thus, your customer is wise to ask for the source up front. And if your company is bankrupt, it's not going to matter much to you - except that you'll know you didn't screw the customer.

    You need a lawyer. It's a pretty simple contract, once you've explained the parameters.

    If you want to use Free-Software-friendly attorneys, I can direct you to several, but pretty much any attorney will do.

    Bruce

    --
    Bruce Perens.
    1. Re:Escrow contracts are voided by bankruptcy by gengee · · Score: 3, Informative

      Yes, our contract basically grants 'unlimited use' of the code to the client in the event of insolvency, but specifically prohibits selling. Thus, the escrow doesn't obviate the ability of the company to list the code as an asset in Chapter 7.

      If your company has no problem with opening the code to your clients /before/ insolvency then the issue is even simpler. I fail to see why whatever standard 'use license' you use currently wouldn't work...

      --
      - James
  9. Re:Sometimes I fail to understand people by bahwi · · Score: 3, Informative

    Guru.com has something else to say. They say if you are not an employee, you keep the copyright to the code. The people who pay you to develop it are granted a nonexclusive right to use what you've created. The fact that they get something that accomplishes their goal is their monetary investment coming back to them. Not the right to sell and resell the code to make millions while paying you a few thousand.

    That's just what guru.com says, and it is always best to have everything in writing, and it is always best to consult a lawyer, not a site like guru.com (or even slashdot.org, although we all love pointing out this fact every time this question arises over and over!)

  10. Re:Copyright Law... by cpt+kangarooski · · Score: 3, Informative

    It DOES give them redistribution rights, actually, under the First Sale doctrine. The same rule that lets you buy a book or CD, then sell it used.

    It has to be the same copy as originally purchased, and you couldn't keep a copy of that for yourself, but it could be redistributed.

    They may also be able to create a derivative work if it is sufficiently remote from the original, as well as make fair use of it, etc.

    --
    -- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
  11. Source Code by Anonymous Coward · · Score: 1, Informative

    Take a look at joelonsoftware.com, his company sells some software with the source code and he doesn't agonize about it.

  12. I beg to differ. . . by aoteoroa · · Score: 2, Informative

    A) This is not open source you're talking about at all.

    What the poster suggested is Open Source.

    It is not free software because the source code comes with copyright restrictions.

  13. Intellectual Property and the Copyright (Inform) by tbonium · · Score: 2, Informative

    What you really need to do is find a lawyer that knows something about technology and IP. There are some fairly tricky contracts that allow customers access to source code while not negating the IP rights of the author(s). The first thing that you need to do, however, is place copyright notices on every file of source code. At a minimum, it's better than nothing, especially if you are locked into a contract already. Getting a customer to rewrite a contract that has already been signed is a bad idea.

  14. NOLO by Free+Heel+Skier · · Score: 2, Informative

    I have used several books from NOLO Press to draft legal documents and contracts. All of which revolve around my Software business. Their books are very well written and understandable by us geeks with out a lot of legal knowledge.


    One book stands out in my mind that you may want to check out - Web & Software Development: A Legal Guide. If you do end up talking with a lawery, this book may help you to fully understand what you want and to be able to make sure that everything is included in the contract.


    Life is like an elevator, sometimes you get the elevator and sometimes you get the shaft

  15. Make them show you the money by Anonymous Coward · · Score: 1, Informative

    So, your options are using a Lawyer, using the Microsoft Source code sharing license, the GPL or..you also could try selling the source code for a big quantity of money. Make them pay you for the development of the software, for the months of paying to your employees and for the price of the software. (And a plus of a %20 just for benefits)

    You'll forget any complications and also you'll get a lot of money.

  16. Re:I bought source MANY times for vast amounts of by Anonymous Coward · · Score: 1, Informative

    Oh no.. no one ever "borrows" ideas and turns around and makes a mint off them. Excuse me while I ask for a helio to pull me out of the mountain of bullshit that statement caused. I'm not sure what Fantasy Island you live on there in the Land of Makebelieve but someone needs to send a search and rescue team to drag you back in leg irons.

  17. That's not "Open Source" by Phil+Hands · · Score: 3, Informative
    Sorry to be pedantic, but what you describe is NOT Open Source.

    Just because you get the source, is not sufficient to qualify as Open Source.

    The Open Source Definition is effectively the same document as the Debian Free Software Guidelines, and as such both have conditions that require that the software be alowed to be redistributed, even if modified or aggregated:


    1. Free Redistribution

    The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.

    ...

    3. Derived Works

    The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

    ...

    7 Distribution of License

    The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.

    --

    Debian: GNU/Linux done the Linux way
  18. Very common by cerberusti · · Score: 2, Informative

    Actually this is very common... I can speak from both sides of the issue as my previous position was with a large company where I outsourced much of the work and, I currently own a small software company. This is generally just to protect the company should you go bankrupt. Just have your lawyer (if you do not have one, you need to find one, as having a good lawyer is essential to any company, large or small) draft a contract including exactly what they can and cannot do. Usually ours state that they can use the source internally however, they may not resell it and, they may not include it in a product they sell. Depending upon the circumstances (you were too vague in your submission to give you a clearer answer) you may want to make exceptions for certain uses. I do hope, however, that you are doing this before you signed a contract to provide the product, otherwise it may be too late.

    --
    I'm a signature virus. Please copy me to your signature so I can replicate.
  19. Re:Although he's not likely to find the definition by Anonymous Coward · · Score: 1, Informative
    An apostrophe "s" also indicates a possesive. The word "it" is a pronoun with unspecified sex - in this case refering back to the word "code."

    Consult the standard. The reserved word "it" is formed into the possessive form by appending an "s", forming "its". The macro "it's" preprocesses to "it is". There are more rules here than for C++, to be sure. :)