Forgot your password?
typodupeerror
Security

Seeking Someone to License the Heart of Your Company? 55

Posted by Cliff
from the danger-danger-DANGER-Will-Robinson! dept.
dcdukeu asks: "We're a small software company that is about to enter into an 'Acceptance Period' with a much larger company for the purpose of determining if they want to license the source code and intellectual property of our main product. This involves giving them our source code, whitepapers, and providing the technology transfer of how things work. Once they receive this they get 45 days to determine if they want to move forward and incur royalties plus payment minimums. What I want to know is if other people have dealt with this before and what would they recommend in terms of how we can turn our information over to them in a time sensitive way (e.g. after 45 days the documents they receive cannot be viewed any more). We are basically giving up everything we have and training them before they say 'yes' or 'no' as to whether or not they are going to move forward. Thoughts?" Unless there are numerous protections already in place to prevent the larger company from running with the information gleaned from this transfer, this so does not sound like a good idea. If you've been in a similar situation before, what suggestions would you have for dcdukeu?
This discussion has been archived. No new comments can be posted.

Seeking Someone to License the Heart of Your Company?

Comments Filter:
  • by TheReverand (95620) on Saturday February 23, 2002 @06:25PM (#3058596) Homepage
    If they know what they're doing, there's nothing you can do to stop them from making copies of documents. Sure, you might come up with some time-limited features, but if your material is that valuable then they'll find a way to copy it if they really want to.

    I think the best thing that you can do here is to get them to sign some legal document saying they won't touch your stuff after the expiry date. No matter how hard you try, you won't be able to stop them copying things (screenshots work, even if nothing else does), but if you have a contract it might make them think twice.

    • My uncle (he wrote WordStar) learned a very expensive lesson in the 80's when he did a similar R&D disclosure. The Companies (MS, Lotus, Corel) copied the work and later released their 'own' products and stiffed my uncle on roytalies. After years of court battles the cases we're lost. What you can do today is patent protect your core technology. Patents infrigment cases are defended by the US patent Office process rather than your States Licence agreement/contract laws.
      • Do you know how much it costs to file a protectable patent? How long it takes to get it filed? How useless it is under 'umbrella patents'? How useless it is without a good lawyer?

        There is very little the small fry can do. Thats why we call them small frys.

        Your uncles mistake was not an expensive one (unless he paid for the court battles, but that was his perogative to seek repayment.) He didn't lose anything in losing the IP royalties.

        One last question .. do you think he would have invented WordStar if there was no money behind inventing it? Thats not a loaded question, I'm simply curious.
        • Why does his motive for developing software have any bearing on his rights.

          That post, if it is true is the reason patent law exists.
          • Because his rights are variable.

            We've see the 'right' for copyright holders to make a living off a creation go from 20 years to 70 years after their death (ensuring that their kids needn't have a creative bone in their body).

            The word 'right' is thrown around like so much water these days .. but I charge that what we call 'rights' these days are simply state-backed laws pushed by the Disneys.

            Same with patents. Your 'right' used to be 5 years. Now it's 20. Up until patent laws, it wasn't a 'right', and yet, shit still got invented.

            Start thinking about what you call 'rights', and why you consider them 'rights'. Who taught you that they were 'rights'? I think we all have rights to water, food, a place to live, and freedom of speech. I do not consider getting wealthy off inventions a 'natural right'. You may, but we certainly have no way to epirically proove what is a natural right, either way.
            • Your argument against present patent law is that big corporations unfairly use them, sometimes holding the entire IT industry hostage.

              Yet those same laws are there to benefit "the little guy". A case in point would be the father of my roommate in college. He developed a process that lowers the cost of producing plastic -- a process that has been licensed to GE for about 4 years now.

              You should be advocating reform of patent & copyright law, not abolition. The ability to profit off of your inventions is a valid right and should be protected. It is not a natural right, but a right granted to the people by the governments of all civilized countries.

              Who taught you that we all have rights to free speech and a place to live? For thousands of years nomadic hunters roamed the planet in search of game to kill & eat -- where was the roof over their heads? Why is free speech a natural right? Billions of people live in oppressive societies where they lack this right. Most of them are doing just fine.

              Try to keep in mind that nobody works for free. If you don't allow people to profit, they'll direct their energies elsewhere.
              • hey man, I agree. Thats why I pointed out that his rights are variable.

                However, I disagree with nobody working for free. Its simply, totally, untrue. Lots of people work for free, and the problem is, we've come to believe that work you do for free isn't 'work' at all (making music, helping the needy, joining the army, whatever). So why is that? Well, it's pretty simple: we consider anything produced under the guise of unpaid work as intrinsicly worthless, as this system would fall apart if people were willing to write the Top 40 for free (or probably more accurately, consumers started to find music they like that was being made for free). Watch advertising, culture, media .. you can see there is a large amount of implicit distain for anything produced without the intent of making money off of it. (Witness MS's attitude towards Linux as 'evil for humanity'.) Unfortuanetely, it's a point of contention that is impossible to proove under the axioms of current overboard capitalism.
  • you are giving someone else access to your most business critical information.

    This is one of those situations where you NEED expert advice you can rely on - and potentially sue if they f**k it up.

    Alex
  • No fscking way. (Score:5, Insightful)

    by WasterDave (20047) <davep@ze d k e p .com> on Saturday February 23, 2002 @07:04PM (#3058705)
    The only time I've been in a similar situation I was lucky because I could hand over a piece of hardware and say "go on then, assess this". But software? Source? Training and documentation? You're about to be raped, buddy.

    I can see you're in a bad place - really wanting to make this deal happen, but you have to look at the risks. Three suggestions:

    1, Turn the deal on its' head, get them to bring their software, source, docco and people to your place. Work to integrate the two and see if the execs like the end result.
    2, Get them to define what it is they are hoping to achieve and have a third party consultancy assess your code to see if it fits the requirements.
    3, Stay with the original gig but get them to sign a really viscious NDA preventing them from producing some derivative work or entering into the same market for 'n' years. They probably won't go for it, but hey.

    Good luck, sounds like exciting times.

    Dave
    • I was about to write the same thing. Well, a less harsh response, but still the same basic idea.

      The larger company may be legitimate, but expect that they will 'suddenly' develop your product in a few months. They probably have prototypes, can't get over a few issues, and if they just had some inspiration -- like your source code -- they would figure it out.

      I'd consider the strong possibility that they are just hunting around and this is a cheap way to do R&D.

      Now, having said that, the truely slimy people may not be the ones you're dealing with. The execs or PMs somewhere else in the larger company may be waiting on the reports from the innocent folks -- who really don't have a clue that they are a pawn in this game -- who have been asked to talk to your group directly. Still, I'd expect some to be suspect.

    • 2, Get them to define what it is they are hoping to achieve and have a third party consultancy assess your code to see if it fits the requirements.

      This is the only way to go. If they won't agree to a third party assessment, then they're out to screw you. There are lots of companies out there that do this kind of work, so you shouldn't have trouble finding one.
  • Sign an Agreement (Score:2, Insightful)

    by thebabelfish (213456)
    Before you give them anything, have them sign an agreement that they will destroy any material they receive from you in 45 days. If you find they are using your information after 45 days, you can take them to court and show the court their signatures. IANAL so I don't know if this would work very well or not, but it's an idea.
    • Before you give them anything, have them sign an agreement that they will destroy any material they receive from you in 45 days. If you find they are using your information after 45 days, you can take them to court and show the court their signatures. IANAL so I don't know if this would work very well or not, but it's an idea.

      In banking, there is the concept of the "data room". Before M&A activity, the target would place all possibly relevant data to the merger (accounts, contracts, confirmations of regulatory compliance, etc) in a room. The bankers advising the buyer are allowed unlimited access to the room for a period of days (or weeks). You can look at anything, you can take notes, but you cannot photocopy and you cannot take anything outside the room.

      If later on there is an issue, and it was documented in the data room, and the bankers didn't spot it, then any problems are for the buyer and the bank to resolve - the bank may well be in deep trouble for negligence. If the problem is detected in the data room, the bankers will advise the buyer to lower the price (for example, if there are regulatory risks, or liabilities).

      If there is a problem, and it is not documented in the data room (or cannot be derived from data in the room) or public sources (say, newspaper reports) then the seller is in a whole world of trouble, as the buyer and the bank will be after their blood.
  • Seriously, if this falls apart, it'll all be about who had the best laywers.

  • Don't do it... (Score:2, Interesting)

    by Usquebaugh (230216)
    GET A GOOD LAWYER NOW.

    As a rule this sort of practice sucks. If the product is good enough, sell it on your own. If the big company wants it, make them pay up front just to see everything, they can afford it. The only defence you have is to contact all of the competitors of the big company and make them aware of what you have and the current situation. Hopefully you can get a bidding war going.

    In general make sure you have the CEO of the big company as a signatory on any documents, make sure they are witnessed etc. Make it clear that you will go after the company and the indivdual if you have any problems. You can't win against the CEO but you can drag him through the mud.

  • If you're in this position, you really should ask yourself if you're not in the wrong swimming pool. Small fish get eaten in the big pool. You might want to rethink your stratagy, if you're looking at a situation where you have to essentially let someone read the book before they decide if they want to buy it.

    In short, you're facing a socialogical problem, you're not going to find an acceptable technological solution for it, anymore then the BSA et all is going to solve piracy through technological means.
  • Put everything in writing.

    And yes, get a lawyer immediately. People will make life choices thinking a big gig will come through, but more than likely it will NOT happen. I have not heard of deals like this ever ending happily for the smaller company. Just because your client is larger and probably well known, there is no guarantee of "safety" in making such a lopsided deal with them.

  • First, I'm -not- a lawyer; thus, this does -not-
    comprise legal advice, just "my two cents"...

    (I'm writing from Australia where one woman has
    reportedly served time in jail for providing
    "word processing" services that were interpretted
    as comprising the provision of legal services.
    [I understand that she shared the -expensive-
    law-firm provided divorce forms/papers/court-
    submissions, used in -her- divorce proceedings
    with another person, for a fee, by way of trying
    to recoup some of the legal fees she'd incurred.]
    And I don't want to be in jail for this post. ;-)

    Now, there's clearly a -risk- involved to
    the poster's company, et al. (eg its employees &
    shareholders).

    There is the hope & chance of reward.

    Before signing on the dotted line, I'd be esti-
    mating the value of each, as well as the value
    of my IP to the bigger company...

    and negotiating into the 45-day arrangement
    a "Risk Fee" (by any name), i.e. payment of
    a non-refundable amount that you feel justifies
    your putting your IP at risk...

    perhaps calculating a "rental" fee - sizable
    due to the short term of the period of rental.

    Of course, the payment would be applied to
    the Source License fee, if they want to use
    the IP after 45-days.

    Moreover, the proposed arrangement does -not-
    preclude others' suggestions that a -clear-
    "for evaluation only; not for commercial use"
    clause in you Non-Disclosure Agreement.

    Of course, a non-refundable, advance payment
    of [whatever you call] the "Risk Fee" -before-
    they see your IP means you have more cash to
    pay your 'legal eagles' in case of a breach
    of the NDA.

    What am I missing, here?

    BTW, is the posting of such a question in
    the hot-bed of the Open Source development
    community provocative? ;-)

    • I don't know why it would be provocative. Doesn't open source start out that way generally speaking? I don't think even the staunchest OS/FS advocates would deprive one of the right to make a living in the field of their choice.
  • by gnovos (447128) <.ten.deppihc. .ta. .sovong.> on Saturday February 23, 2002 @09:44PM (#3059196) Homepage Journal
    If you do this, first: prepared to be so incredibly reamed. American companies have long sice lost the concept of business ethics. They are NOT buying your source, they are looking to buy your engineers, understand this. Why? becuase if they aren't interested in your engineers, then they aren't interested in maintianing your code, which means if your code can be profitable to them then they are going to steal your source or at least the concept behind it *no matter what*, prepare yourself for this.

    If you must give them code, do it by providing actual *sealed* machines minus networking cards, and disk drives and usb ports (CD is ok, only if it is NOT writable). Seal up the box professionally with security seals that will show tampering. Place keyboad loggers and other spyware on it to watch and record what is done on this box. Go overboard and force the use of tempest-resistant fonts and lock down the system such that new software cannot be installed and add a *hardware* clock that will accurately mark off 45 days. On that day, have the system nuke the hard drive.
    • And even then, what's to prevent them from, say, paying someone to transcribing the stuff off the screen? It may very well be a bit much to copy, but if they want it bad enough, it could be done. I mean, depending on whether they made the monitor connection tamper resistant they could even use something as simple as a scanline converter and recording the stuff to video tape. I might get modded redundant for this, but if this is the heart of your business, you can't afford to let these guys have their hands on it. It's way too risky. As an above poster suggested, Turn the deal on its' head, get them to bring their software, source, docco and people to your place. Work to integrate the two and see if the execs like the end result.
  • Vaseline (Score:5, Insightful)

    by fwc (168330) on Saturday February 23, 2002 @11:23PM (#3059431)
    Buy some vaseline, you're gonna need it.

    Basically what you are doing is giving them 45 days to steal all your intellectual property. You said it yourself, you're going to do the "information transfer" and then they have the option of paying you or not. Do you think that the information you transfer is going to be able to be removed from the brains of the people who look at it?

    If you've figured out how to do something they want, they should pay for it up front. Period. None of this "let us look at it for 45 days and then we might pay you if we decide we still want it".

    About the only way this isn't going to turn bad is if this is something they really can't do themselves. If they can do it themselves, what is stopping them? Perhaps they hope to figure that out from looking at your stuff.

    If you really do want to do this you need to get about 3 DIFFERENT lawyers involved, preferably an Intellectual Property lawyer, a Corporate (agreements) lawyer, and probably a third one for good measure. You have to make sure there isn't anything that they can gain from this, or if they do gain something they have to pay you for it.

    In addition, you need to figure out exactly what they are wanting to see. If they just want to make sure the code isn't a nightmare and it is reasonably written, perhaps getting a third party involved to do the review might be a good idea. Or as someone else suggested, get them over to your place of business.

    The key here is to transfer as little as possible before they commit to paying you. It sounds like you guys are giving them everything before they pay you. I think I'll repeat myself and say that this is a very bad idea. Get the vaseline ready. You'll need it.

    The other question is the long term piece of this. A lot of the time these types of deals end up being great for a couple of years and then the two companies either split the sheets and one ends up going broke, or one eats the other one. As you're the smaller company, the chances of you being on the bottom when this happens are quite good. Are you thinking about the long term repercussions of this?

    One last thing I'll say. Don't let your greed get in the way of your common sense. Quite often people loose their good judgement when lots of dollar signs flash in front of their eyes.

    Good luck! And remember the vaseline.

  • If you are really stuck between Scylla and the shore, you could try to get them to pay half up front.

    That way it is much less worthwhile for them to bother going through the potential legal hassles involved with stealing your stuff.

    Of course, if they feel confident that they can get away with stealing your stuff anyway, it would just mean that they get it at half price.

    Also, keep in mind the difference between copyright and patent. Copyright is yours whether or not you file with the government. Not so with patents. If they use your idea before you patent it, I believe that that constitutes prior art.

    Don't bother trying any spiffy copy protection. 45 days is enough for them to get the idea even if there were no way for them to get a copy of the source (worst case for that: they take screenshots with a digital camera and ocr them).

    And, obviously, don't trust me, ask your lawyer.

    • Re:50% up front (Score:4, Insightful)

      by sigwinch (115375) on Sunday February 24, 2002 @02:35AM (#3059851) Homepage
      Copyright is yours whether or not you file with the government.
      Wrong, dangerously wrong! Without filing, you can only get injunctive relief to prevent them from further using the copyrighted material. If you file the material with the gov't, you can get compensatory damages, and IIRC if the infringement was willful you can get treble punitive damages. (Note: this is based on U.S. law.)

      The cardinal rule of copyright is: register before publication. If you don't, you might as well sign away the copyrights for free. Injunctive relief isn't worth a pitcher of warm spit.

      Get a good contract with them that says they have to either pay a reasonable fee, or stop using the product after 45 days. (Don't try to get some sort of ludicrous penalties as another poster suggested. Ludicrous fees are routinely thrown out by judges, fair fees are difficult to argue against.) If you need to keep some things trade secrets, make them indemnify you against any losses suffered as a result of their disclosure of the secrets. (That should put a damper on them wanting unrestricted access.)

      Why do they want the sources anyway? Are they going to compile the machine-readable sources, or just do a code review for quality, commenting, coherence, good style, etc. The latter could be satisfied by giving their engineers supervised access to print outs of the sources.

      And don't trust me, I'm just some random pseudonymous geek on a web forum. Definitely get the assistance of a good lawyer.

  • IANAL but...

    get one, or a few.

    Write a contract that basically costs them 50% of thier corperate net worth if they are found using your IP without paying for it after 45 days, NO EXCEPTIONS for any reason. Define your IP rediciously well, make *any* information that you transmit to them during the 'trade' your property, weither you have a contract or trademark on it, and do not transmit any information except during the 'trade'.

    if they won't sign that, then they are trying to ream you, and they should come up with another plan. Make sure someone who has control over that much of thier corperation is the endorser, it'd be better if you could cause a high up to be personally responsible, but if they are incorperated that'll probably be impossible.

    More likley allow them to send ONE auditor over and look at stuff, under supervision (but not direction). Even better have them hire a 3rd party contracter (they shouldn't be hard to find in todays economy) that will review your code for 45 days and send a report back. Neither of these solutions could possibly cost them a penny more (well the 3rd party might) than having them devote a few developers reviewing your IP in house for a month and a half.

    There is not one good reason I can think of they would recuire your entire IP to be transmited to them, there are alot I can think of for them to audit your IP.

  • If you have patents or patents pending, you're sweet. If you don't, then basically you're having to trust the other party, who it sounds like have more laywers than you (read up on Trade Secret law). If you don't trust the other party, why are you going to do a deal with them?
  • ...consider that your own management might be setting your company up for a fall. By agreeing to this, they might be getting some payoff -- an executive position, stock, some other payment.

    Either that, or your management is clueless about these types of transactions.

  • e.g. after 45 days the documents they receive cannot be viewed any more

    This is fundamentally impossible. I mean, if they were really desperate, they could just take pictures of the screen showing the source. But more realistically, there are simply too many ways for them to bypass any restriction you put in place.

    The only way you stand a chance here is with a contract in place preventing them from looking at the source code after 45 days and specifying huge consequences if they do. And to be honest, even that is very iffy.

  • Step 1:
    Hire lawyers. As many as you need.

    Step 2:
    Buy a few nice laptops. Configure BIOS to disable floppy, USB, serial, sound, PCMCIA, network, external VGA, external mouse, external keyboard etc. Basically lock down the BIOS completely. Set BIOS passwords. Install Linux, create user account with just enough privelidges to preview your technology. Disable all network capabilities, floppy, USB etc just to be sure. At this point the only way to get data off the machine is to point a video camera at the screen, which would be a pain in the ass. If you can buy tamper detecting tape or glue, use it to lock down the hard drive. You cannot keep them from getting to the drive, but you could tell that they tried. Also, try locking down the runlevels to keep them from getting places they shouldn't. Think about rm /* scripts if tampering is detected.
    • Lets just say I've encountered a similar setup when trying to put Linux on a Win box.

      Put the hood open, and *whoops*, looks like the CMOS battery got knocked out of place. No more BIOS protection.

      Quick rescue floppy, and you've magically got root.

      CMOS batteries die. Happens all the time. It would be pretty obvious that they screwed you, but you wouldn't have any grounds to seek damages.
    • Actually, if you hire good lawyers, the process goes more like this:

      Step 1:
      Hire lawyers. As many as you need.

      Step 2:
      There is no step two...

      Seriously, any physical measures that you take to try to protect that information can be defeated. If you don't trust these people with the information (and you shouldn't), a lawyer is the only security tool that will make a difference.

      It's likely that said lawyer would reiterate some of the earlier comments: the best answer is to not give them the information. If they're really interested, they will buy your technology outright, with appropriate guarantees written into the agreement (and this is really the meat of the matter). The agreement can then stipulate that final acceptance/payment are subject to the results of an evaluation and testing period of 45 days, with testing to determine whether your product works as stated in that very agreement.

      If your product doesn't work as promised, turns out to be completely undocumented and unmaintainable, or turns out to be "hello world" with a really pretty interface, it will fail to meet the requirements set in the agreement and it's terminated. If your stuff does work, they are required to fulfill their part of the agreement, as you will have fulfilled your part.

      • Yes, all physicam measures can be defeated, but all in a detectable way. Jumpering the CMOS reset, removing the CMOS bettery etc all will require opening the machine. With enough super glue or security stickers, it will be obvious they did so. Including hardware tampering stipulations in the terms of evaluation should cover you in this situation. Something along the lines of "Any tampering with equipment...will be deemed as acceptance of purchace of product. IANAL, but something like this should be acceptable.
  • I would say, "don't do it." (Or buy some vaseline, or any of a number of other warnings already posted here.)

    It's too easy for them to take the idea and not pay for it. Even if it means they have to do some moderate amount of development themselves. Like another poster said, they may have all they need except one crucial piece which viewing your source code will give them.

    I also have some anecdotal evidence. First off, look at Microsoft's history -- littered with the carcasses of "partners." You don't want to end up like one of them (Spyglass, Stacker, many more).

    My own personal anecdotal evidence: I lost a large sum of money investing in LynkUs (their website is now gone, and I can't find it in Google's cache). They were a Tampa-area company which provided two-way paging service, useful for stockbrokers to communicate with all their clients at once rather than phoning each of them serially. It also had medical applications, which is what got them screwed over.

    They are now a one-person company operating out from home; basically, a shell waiting for the lawsuit [bcentral.com] .

    I'm still hoping that something will come of my investment, but as of right now it's a total loss. I pray that the same doesn't happen to your company. Be careful!

    Several (not just one, several) attorneys should review this for you prior to you giving up the family jewels.

  • really risky deal (Score:1, Informative)

    by Anonymous Coward
    Ok. So you are ready to hand over to them:
    • Your core code/technology
    • The documentation to that code

    And they can evaluate it for 45 days.

    Why do they want to access your code/docs?

    Possible reasons:

    • They want to see if it is well written, well formated, rigourous, well documented, mantainable, etc, before they buy it. I mean, "no one" likes bad code.
    • They want to do [develop] a similar technology and want to see your specs, code, docs to give them a head start when they start developing their own tech - this basicly gives them more ideas for their design document, and possibly gives them a couple of ideas for the most "nasty" stuff do be done. Remember that if your product has competition you'll possible lose money and have to sell it cheaper.
    • They are already doing (developing) a similar technology BUT are stuck in one or more places, and looking at your source may give them the anwsers to the problems their facing.
    • It's also possible that they want to know if your companies developers program good enough, possibly to try and hire them later [or even merge with your company at some point].
    • etc, etc, etc... Think about some more reasons and protect yourself according to them. Make sure the deal is worth the risk.
    So basicly, they can have "good" (acceptable) reasons, like the first one, and they may have more obscure reasons like those that follow the first one.

    You'll have to protect your company from this. Specially because it's your main product and if you lose it your company can get out of this deal in a really bad shape.

    Some sugestions that may come handy:

    • Get some "intel" on the company. Find out if they cross dealed some other company in the past, find out some stuff about their managers, how many layers they have, wich law firm do they use - are they good ? - usually, etc, etc.
    • Find out what they are planning on knowing from your source code. Legitimate reasons? Maybe. Possibly not so.

      Get a laywer and make a written agreement that specifies what they can do with it [and specify what they can't:
      • they can't copy the software/docs
      • they can' make hard copies (prints)
      • they can't put (capture) the screen's monitor into video
      • they can't take screenshots
      • they can't keep ANY of it after 45 days (must destroy the material)

      and so on].
      Put everything you can't think of in that contract and state that if they break any rule in it (AND don't buy your product), they have to pay you big time - (estimate the value as YOUR_PRODUCT_VALUE*350%) - this way they ain't gonna feel like stealing your code and they'll accept it if they are well intentioned.
    • Don't give them everything. Offer them a striped down version of your code (really important and harder stuff stay closed, you open the rest of the stuff).If they wan't to see if it's well written, this gives them an idea of the style and code that is being used in the program/technology.
    • Whatever ammount of code/docs you give them, make them pay a fee. Like, 10% of the total cost. If they are seriously into buying your code, they won't mind to pay a fee for evaluating it.

      This way, you are saffer and get a "little something" wich you can use to pay more laywers. If their layers are really good, increase the %.
    • If possible, make them take a group of 5 (or whatever's a good number for the number of code lines/complexity of the code) developers to your offices and let them evaluate the code in there, with some supervision. This way they won't make hardcopies of it, although, if they are looking for specific solutions to one problem they may memorize it. If they don't want it, send 2 [again, a number to your choice] of your developers to work with them. This developers bring the code and stuff back to their houses everyday. The next day, they go there again for another day of code examination. (probably the best way to control them)

    There's no way you can guarantee that they can't copy it.
    They can use a pen and a piece of paper to take notes about your code, docs, etc, etc or they can even memorize portions it, and you can't sue them for that, cuz you don't know if they have it in their minds - ok, bring the lie detection machine in.

    They'll have to think something like "If we double cross these guys they'll take shitloads of money from us and it cost more than just paying for the code or paying our developers to develop a similar thing.".

    What you can do is use several defense mechanisms in order to increase the deal's security.

    It's a risky deal. Prepare yourself.

  • Having gone through this two years ago, and it's looking like I'll do it again in the near future, let me suggest that you _not_ let A Big Company look before they buy.

    Instead, make some objective Representations and Warranties in the acquisition contract -- say, your server (if you have one) can handle N clients, or the software handles functions X, Y, and Z. The objective is to have a fixed set of expectations that can be proved of disproved.

    If the acquiring company wants to grab your good work for free, it will have to take you to court and prove to a judge (and maybe a jury) that your software doesn't do what you said it would do.

    My two cents ...
  • The only way to do this without bending over is to have an iron-clad contract which states that if the company does not want your code after the 45 days, then they are not to develop a competing system for the next 5 years, otherwise they will incur a payout that is 5 times the cost of the software in the first place. The same contract is to be signed by the individual engineers that read the code.

    IANAL
  • by InitZero (14837) on Monday February 25, 2002 @02:35PM (#3066064) Homepage

    'Acceptance Period' with a much larger company for the purpose of determining if they want to license the source code and intellectual property of our main product.

    Contrary to the majority Slashdot opinion, I wouldn't worry too much about the deal. Get a good lawyer who does this sort of work exclusively and you will be just fine.

    45 days isn't all that long either. We (a Fortune 500 company) often get hardware and software for months before we make up our mind. (More than once, we had Cisco gear on loan for so long the model has been discontinued or replaced before we got around to approving it for purchase.)

    When viewing source, the company viewing it is almost always in the more dangerous position. Once they see your code, should they every come up with a similar application, they will have to jump through hoops to prove it isn't based on your code. That can be very expensive.

    Usually when I do this sort of review I'm looking for clean, well-commented code and good overall documentation. I am not a programmer by trade so I'm generally not evaluating the code itself but the overall maintainability.

    Buying code from a company as small as you seem is dangerous. Often times, there are only a couple programmers who really know the application. Should they get run over by a truck or leave the company, I want to make sure that the code is clean enough that someone else (either in your company or mine) can pick up the torch and keep my business running.

    It's not enough to have an excellent product today. I want to know that the product can change with our needs. That's the real reason I want to see the code and documentation as well as the finished product.

    In summary, get a good lawyer and relax. This is common practice and a lawyer who has done it before will keep you from getting screwed.

    InitZero

  • That's totally secure, right?
  • Give them just header and binary files and not the actual code. That way they can test your software, view the basic structure of the thing, without actually having the source.

    As for white papers about algorithms/data scructures/etc, print them on non-photocopiable paper and have them sign a time-limited-give-me-your-first-born kind of NDA.

  • I've seen it... (Score:2, Insightful)

    by rootmonkey (457887)
    For awhile our company was trying to win an account from a much larger firm. We had to jump through all the hoops and detail what we were doing. They almost took the info and dump us. I think they knew they could recreate what we had but there were some other services they needed from us. Becareful.
  • by Anonymous Coward
    I've never seen this level of IP disclosure in a licensing scenario. Is it a black box or not? Who would be responsible for end-user support?

    In contrast, I have seen repeated cases where companies have not exercised due diligence in their acquisitions of technology and/or firms, in whole.

    I would propose an independent expert (mutually agreed upon), be given on-site access, to assess and evaluate the design, code, and training material. I would not provide copies of any material and/or training until the license deal is signed.
  • In a nutshell... (Score:2, Interesting)

    by candot (513284)
    I'm in a very similar situation. There are lot of ideas in these replies, many good, but many bad. In a nutshell...

    0. A lot of the posts assume you're selling them the technology, not licensing it. You've got more flexibility in a licensing situation--in most cases there is no need for them to see the code at all, just to determine if it meets their needs. (see 2)

    1. A patent is a very good idea, if you really have anything patentable. A provisional patent [uspto.gov] can be filed in a day and costs -lt $100. It lets you say "patent pending" and serves as a 12-month placeholder for a formal, expensive patent application. Even if you never follow through, or if your designs turn out to be unpatentable, if they don't know which parts are patent pending and which aren't, they'll be less likely to reproduce any of it.

    2. Are they licensing your code as an engine or piece of a larger application? In other words, can you give them just an API? If so, obfuscate the code and give them a watered-down API doc that just gives them the methods they need to integrate with their systems. The goal is to hide as much of the internal architecture and actual methodology as possible.

    3. A lawyer is essential. But, you'll never be able to prevent them, contractually, from creating a similar technology if they don't buy yours. Obviously, they need one, otherwise they wouldn't be thinking of licensing yours. You can, and should, use a contract to
    • force them to acknowledge that the information you provide is confidential, proprietary and intended only for a specific use;
    • spell out what that specific use is; and
    • restrict them from unobfuscating the code (which is not enforceable, but if you ever have to sue them, finding unobfuscated code on their servers is a lot more incriminating than just the code that they "forgot" to delete).


    4. Combine the review contract with the licensing contract. If they're serious about licensing, then make them go through the trouble of agreeing on and drafting all the terms of the licensing contract before they can touch anything. If you can swing it, spell out what specific, measurable conditions must be met during the evaluation. If they're met, the contract should allow for two options: licensing or consolation payment. If they're not met, then the contract could allow you some time (10 days, 30 days, whatever) to address the deficiency and satisfy the requirements--otherwise, you've got nothing to squawk about. While there's no such thing as a "standard" license, this approach is pretty standard.

    5. Most importantly, trust your instincts. If someone (or a company) wants to screw you, they're going to find a way to screw you. If it doesn't feel right, don't do it. Even if it does feel okay, be prepared for anything. Either way, you'll be much more savvy next time. There's always a next time.
  • OK, I really have no idea about the implications of this, or whether it is legal: Why not put a clause in your legal contract that says the larger company will have to pay any legal costs on your part should you decide to even pursue them in the courts for a possible violation... It should serve as a stark warning to them should they decide to do wrong by you - and before anyone suggests its not fair, just think about the risk you're about to take ;) you have to cover your own back.

"You know, we've won awards for this crap." -- David Letterman

Working...