Authors: John Pryor & Elin Hauge
The tech start-up landscape is sizzling hot. Entrepreneurs are motivated by the compelling headlines about highly profitable exits, making both founders and investors rich. To get to this castle in the clouds, the start-ups typically need to build and launch their technology products as fast as possible with limited capital. Along this path, many founders make a potentially risky decision; to use opensource code to build what they believe will be a proprietary product.
Investors are increasingly reviewing opensource licence risks. In simple words, investors do care whether they are buying something truly unique, or something fully or partly built of code copied from publicly open sources. Many investors and buyers have walked away when these issues surface. The risks to the seller are that requested guarantees can later bite the start-up (owners) where it hurts, and the dreams of growth and prosperity may end up down the drain – all because of some not so well thought-through product development decisions.
Sounds familiar? Or worth spending a few more minutes on? Read on.
The opensource approach has several pitfalls:
1) Opensource code, believe it or not, comes with license agreements. This can require disclosure of your own valuable proprietary code! This is a little known ‘hidden’ risk lurking in the code of most start-ups. Donald Trump’s ‘Truth Social’ is currently under notice to comply with an opensource general public license (GPL) to make the code available to those that request it, or the Group's licence to use the code will be terminated or face a Copyright intellectual property (IP) infringement suit.
2) Open source ‘open-door’ security weakness. Opensource software may have unknown weaknesses exposing a business to risk of data breaches. Software code vulnerabilities are easier to determine and exploit in opensource software. For example: Scotiabank stored highly sensitive data in publicly open and accessible GitHub repositories, exposing its internal source code, login credentials, and confidential access keys! And Fortnite users were targeted by ransomware masquerading as a game hack tool for Fortnite but, on being downloaded, locked up the user’s computer and demanded a ransom!
3) As part of an exit process, as well as any investment onboarding, the start-up goes through a due diligence process. This means that legal, financial and domain experts scrutinize and assess the company to verify whether the valuation is fair and/or correct. The start-up’s value proposition will include representations of competitive advantage, which in turn will require proof of intellectual property ownership, protection against copying and demonstration of barriers to entry. If the product/service at the core of the company is built on too much opensource, the company may not actually be in a position to claim ownership of core IP (such as proprietary code, copyright and trade secrets) which in turn may yield a company valuation far less that desirable.
4) Finally, be very aware that to fully own software, each of the developers must have relinquished any ownership claims that they might have. This is important because copyright ownership usually automatically resides with those involved in creating the work unless otherwise contracted.
Most entrepreneurs are not really keen on spending too much time on legal issues. It’s complicated, time-consuming, expensive, and not the most fun part of building a start-up. However, spending a few hours on the following three action-points may prove to be well worth both time and money:
a) As a team, build a conscious plan around which components should be your own IP, and which components may be built through opensource without damaging your IP. Sometimes, getting a Minimum Viable Product (MVP) to the market is more important than the IP itself. If so, you may want to make sure that this is a conscious decision, and you have a clear plan for exchanging the opensource with your own IP at some point.
b) Think about what drives your competitive advantage, what is your ‘secret sauce’ and make sure you are securing these aspects. Ask an IP rights expert for help to put together an IP strategy, or at least a very simple plan for how to identify, protect and get full value from your gold. Sometimes investors also ask for this.
c) Make sure you have formal contracts with employees and sub-contractors that clearly state ownership of developed code and confidentiality around your IP and ‘secret sauce’.
In conclusion, opensource can be very helpful for start-ups, but make sure you keep your eyes clearly focussed on any license or security restrictions. Conscious and early decisions in this area will help you code for dreamy success and not a nightmare on open street.
What is IP?
IP stands for Intellectual Property. According to Wikipedia, “intellectual property is a category of property that includes intangible creations of the human intellect. There are many types of intellectual property, and some countries recognize more than others. The most well-known types are copyrights, patents, trademarks, and trade secrets.”
Why do IP rights matter to start-ups?
Commercial usage of intellectual property to deter, protect and strengthen competitive advantage is, in most cases, essential for the value of the company. Start-up IP is much broader than patents and trademarks and must also include ‘soft’ IP like copyright, trade secrets, know-how, database rights, digital rights, not in the least because this is faster to get in place.