Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Programming IT Technology

Protecting Your Code While Allowing Source Access? 553

foo_48120 asks: "My small development shop, myself and four employees, is taking on a fairly large job that will run a substantial part of the clients business. To protect themselves they want the source code to the project. Frankly I don't blame them. We bid aggressively to get them to underwrite our own efforts to build this code, which we plan to resell again and again. That is the basis for our company. I have no problem with them holding the source but need to make it clear that we own the code and that they have a license to use it in their business. They may at their discretion hire others to modify the code, but would still be required to pay their maintenance contract and be prohibited from reselling it or using it to run an additional business. How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"

Of course third party developers may break things and we would not be responsible for that or for fixing it without further renumeration.

Ideally, if we make them happy then we will do all future upgrades and add on modules as well. I am not worried about that. I do want to know if anyone has experience in the writing of such a licensing agreement? Perhaps they could provide me with a sample copy of their text?

Let's leave aside for now the issue of totally open source vs. closed source. There are times when you want the product to be proprietary as we do, however I want them to feel comfortable using our code so that if a proverbial plane were to fly into our building and wipe us all out then they don't go down the tubes with us."

This discussion has been archived. No new comments can be posted.

Protecting Your Code While Allowing Source Access?

Comments Filter:
  • Talk to a lawyer (Score:2, Insightful)

    by realmolo ( 574068 )
    Seriously, why are you even bothering to "Ask Slashdot?".

    This is a legal issue, you'll need legal contracts and agreements, all of that.

    Talk to a fucking lawyer.
    • by sirius_bbr ( 562544 ) on Tuesday November 26, 2002 @05:10PM (#4762107)
      Seriously, why are you even bothering to "Ask Slashdot?". This is a legal issue, you'll need legal contracts and agreements, all of that. Talk to a fucking lawyer.

      You clearly don't know the difference between what you talking to a lawyer costs, and what talking to the slashdot-crowd costs :)
      • by Anonymous Coward
        And you don't know the difference between professional legal advice and mindless techie ramblings.
      • by mike77 ( 519751 ) <mraley77 AT yahoo DOT com> on Tuesday November 26, 2002 @05:33PM (#4762366)
        yeah, it's something along the lines of one takes you money and the other takes your dignity...

      • by donutello ( 88309 ) on Tuesday November 26, 2002 @05:35PM (#4762389) Homepage
        You clearly don't know the difference between what you talking to a lawyer costs, and what talking to the slashdot-crowd costs :)

        You clearly don't know the difference in the quality of advice that a lawyer will give and what talking to the slashdot-crowd will give ;-)

        In this case you get what you pay for. Seriously, when my brother-in-law who's a realtor has a problem getting his wireless networking problems debugged, do you think he should send out an email to his real-estate buddies? What kind of advice do you think he'll get? They all usually have very strong opinions from what "they knew worked" in the past. It's also usually dead wrong. It's the same here.
        • by LostCluster ( 625375 ) on Tuesday November 26, 2002 @05:52PM (#4762526)
          Lawyers are better at telling you if what you're trying to do is going to work than telling you what to do. That's where we come in...

          Asking Slashdot will likely generate a lot of dumb ideas that won't fly legally, but it also at times generates the occasional 5-Insightful that contains the idea that neither you nor your lawyer would have thought of. Get the idea from Slashdot, run it past the lawyer, and you might just get an idea that would not have been used otherwise.
          • Asking Slashdot will likely generate a lot of dumb ideas that won't fly legally, but it also at times generates the occasional 5-Insightful that contains the idea that neither you nor your lawyer would have thought of.

            Unfortunately, a large number of "5-Insightful" comments on /. should have been "-5 Dead Wrong".

            Voting is a lousy way to arrive at the truth.
    • by lpret ( 570480 ) <lpret42@@@hotmail...com> on Tuesday November 26, 2002 @05:15PM (#4762169) Homepage Journal
      Ok, I singled your comment among the many "Go talk to a lawyer" comments because you asked seriously. And I will answer seriously.

      Many of us at Slashdot have been in similar situations. As such, we know there are certain details to keep in mind regardless if the use of a lawyer or some other type of consultant is necessary. For example:
      I play rugby and in a recent match I landed on my foot wrong and parts of my foot went numb. Now, I asked some friends of mine and what do you think they said? "Go talk to a fucking doctor?" No, because they have had past experience with similar situations. They gave me anecdotes about past injuries they had, how they felt, etc. some of which helped, some did not.
      Now this is the same here, all of the info given here may not be helpful, but the few comments that are made could tremendously help the person asking the question. So please, if you have something to say about the situation, say it, if you don't, try to help in whatever way you can -- remember, we're a community here.

      • by L. VeGas ( 580015 ) on Tuesday November 26, 2002 @05:26PM (#4762288) Homepage Journal
        Well my past experience is this:

        Go ahead and give them the code. When they start modifying it, taking it to 3rd parties, and using it at other businesses, stare at the ground and tremble your lower lip. That night, get into an argument with your wife and kick the dog.
      • remember, we're a community here.
        I think you're confused: this is Slashdot. We eat our wounded.

        Damn the Emperor!
      • The problem is, there is no information that the Slashdot community can give you about legal situations that could be useful. Lawyers aren't allowed to answer (essentially) at all unless they are retained as council. The asker is certainly going to need to speak with a lawyer; period. Why not skip the uninformed legal advice and skip straight to the people who can help navigate the situation. Now, "Does anyone know a good lawyer for handling cases such as blah blah blah" would be a great slashdot question. If it's just for fun and to share anecdotes, that's fine too, but I'd probably stick that into the question somewhere just to avoid the "talk to a lawyer" contingent.

        Well, theoretically of course; they will still be there, since tons of people wouldn't actually read the question. I'd suggest putting "I ALREADY HAVE A LAWYER AND AM JUST POSTING THIS FOR INTERESTING AND FUN ANECDOTES" in bold at the top. Although I'm not sure about the wisdom of discussing potentially private legal strategies in public...:-)
      • by plover ( 150551 )
        The difference is that when you're talking contract law, the devil is most certainly in the details.

        Your foot will probably heal by itself. It might heal faster given certain generic treatments (ice, stretching or immobilization or whatever.) And if it doesn't get better in a couple of weeks, you go see a doctor anyway, who goes "tsk, tsk, you should have seen me last week" but fixes you up all the same.

        But the contract that he writes and signs will effectively "own" his business and the payrolls of four other people for the next year. If he forgets to dot a legal 'i' or cross some legal 't', a troubled client might take serious advantage of him. Hiring a lawyer to draft the contract will help cover those clauses that might otherwise expose him to some unforseen liabilities.

        I'm not saying that his client is shady, or that he isn't honest. I'm saying keep in mind that three years ago every dot-com had a million dollars of venture capital to fund these projects. These days, money is not so free and customers may have their financial situations change. If his client starts feeling the money belt tighten, this guy had better have an airtight contract to make sure that 1) he gets paid for work he does; or at least 2) he can stop working if he doesn't get paid.

        The Slashdot crowd will no doubt have some ideas regarding coverage of intellectual property, and I'm sure that's what this guy wants to read. But he needs to spend a few dollars on a decent contract lawyer to ensure that his company's future isn't thrown away by a PREVENTABLE turn of the die. Isn't protecting a million dollar investment worth $5000?

    • by IanBevan ( 213109 ) on Tuesday November 26, 2002 @05:23PM (#4762258) Homepage
      Talk to a fucking lawyer.

      ...although bear in mind that a lawyer engaged in copulation may not have his/her mind completely on the job.

      • ...although bear in mind that a lawyer engaged in copulation may not have his/her mind completely on the job.

        Not a problem - screwing is part of their job description.

    • Talk to a fucking lawyer.
      The question doesn't say that he DIDN'T talk to a lawyer.

      First we're talking about IP, copyright, and trademark. You don't talk to 'a lawyer' becuase most lawyers pass the regular Legal Bar and not those for IP, which are much more difficult.

      Second, this kind of issue is best discussed with slashdot AND a lawyer, AND newsgroups, AND maybe a second lawyer.

      Third, (I agree) -- talk to a lawyer . :) I have worked with IP lawyers who do non-profit work for free, and personal work for very low cost ($10/hr, more or less). This sounds like you are getting professional work done, but IP lawyers aren't that expensive.

      Most of us think of 'Hiring a Lawyer' as an unattainable task, or costing thousands of dollars for extensive work, like is done in court cases. Finding an IP lawyer is easy. Look in the phone book, call the people who don't have full-page ads, and find one that charges between 25-50 per hour and specializes in IP. Find a small business with several lawyers and a single receptionist that has a low, reasonable hourly rate for small projects like that.

      In this case where there was extensive bidding going on for the project, the small cost of $200-300 for a day with a competent lawyer should have been included as part of the bid. They probably should have spent $50-100 for a morning with the lawyer while working on the bid, just in case.

  • by Jerry ( 6400 ) on Tuesday November 26, 2002 @05:04PM (#4762035)
    I ran my consulting business under the same premis for 15 years. The contract they signed with me included, among other features, their right to the source code with the restriction that they could not use it as the basis for competition against me. Terms included where a conflict could be ajudicated, the amount of damages, etc...
    • by AndroidCat ( 229562 ) on Tuesday November 26, 2002 @06:51PM (#4763020) Homepage
      A contract like that that can work -- if they know that you can and will have a lawyer sue them if they violate the agreement. (You don't have to make threats, just let them know that you have the resources to do so, and your lawyer isn't Clippy. "I notice that you're trying to sue someone...")
  • Escrow (Score:2, Informative)

    by gengee ( 124713 )
    We have a similar situation where I work - We've handled it by putting the code in the hands of a third-party escrow service. If we disappear, they get the code. Otherwise, they don't get to look at it.
    • Re:Escrow (Score:5, Insightful)

      by p3d0 ( 42270 ) on Tuesday November 26, 2002 @05:09PM (#4762081)
      That's not a very good answer to the "How do you provide open source without escrow" question, now is it?
    • by Bruce Perens ( 3872 ) <bruce@perens.com> on Tuesday November 26, 2002 @05:34PM (#4762382) Homepage Journal
      Your customer is smart.

      Conventional escrow doesn't work when customer needs it - when your company fails. A bankruptcy judge will review your company's assets, and may find that the source code is the only marketable asset, and must be preserved for your debtors. Judges have voided escrow contracts in order to maintain the remaining value of the company.

      Thus, your customer is wise to ask for the source up front. And if your company is bankrupt, it's not going to matter much to you - except that you'll know you didn't screw the customer.

      You need a lawyer. It's a pretty simple contract, once you've explained the parameters.

      If you want to use Free-Software-friendly attorneys, I can direct you to several, but pretty much any attorney will do.


      • Yes, our contract basically grants 'unlimited use' of the code to the client in the event of insolvency, but specifically prohibits selling. Thus, the escrow doesn't obviate the ability of the company to list the code as an asset in Chapter 7.

        If your company has no problem with opening the code to your clients /before/ insolvency then the issue is even simpler. I fail to see why whatever standard 'use license' you use currently wouldn't work...
  • a lawyer (Score:5, Insightful)

    by mosch ( 204 ) on Tuesday November 26, 2002 @05:05PM (#4762043) Homepage
    you protect your code with a lawyer, who writes up a contract that says that they're only allowed to use it in the agreed upon ways, and that's that. They'll probably obey it, and if they don't and you catch them, you can sue them and collect your due royalties, plus punitive damages of course.

    When it comes to selling source code, that's the only method that works.

    • Instead of relying on the courts, make them take out a bond payable to you upon a pre-determined proof of contract violation.

      It's a hell of a lot more bulletproof than the courts, and oftentimes bond issuers will make them put up some hard assets as collateral (property, buildings, tools, or a big cash percentage) which is no big deal if they're honest, but fucks them right in the ass if they're not.

      The bond issuer will be legally required to pay the bond based upon the contract surrounding the bond's payment terms, but they don't care that much since they've got the pink slip to the factory. Sure, they'd rather not liquidate the factory, but that's the business they're in and they're good at it.

      Jury trials are a huge hassle, and even if you're right you don't always win, and even if you win you lose due to costs, delays and lame jury awards (contract to Republican fear mongering, they're not always generous).
  • by Xerithane ( 13482 ) <xerithane@n e r d f a r m . o rg> on Tuesday November 26, 2002 @05:06PM (#4762053) Homepage Journal
    ... How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"

    First off, find out that what you are talking about is not open source. If it was open source, or a compatible license, than your client company would be free to redistribute.

    Second, it's called a contract. And lawyers. Slashdot is neither. Just (have a lawyer) draft a contract specifying exactly what can be done and saying anything not listed is expressly forbidden unless written permission is granted.

    • by kfg ( 145172 ) on Tuesday November 26, 2002 @05:53PM (#4762531)
      of "Open Source" in a dictionary, making the exercise pointless, he is likely to find many other words in there.

      For instance, after modifying the code his firm is indeed likely to renumerate it, i.e., give it a different version number.

      For doing this his firm will expect to be *remunerated.* It's from the Latin remuneratus, derived from munis, from which we also derive the English words "munificent" and even "money."

      ( Munis is a gift, to remunerate is to *re*gift, i.e., effect an exchange)

      This note brought to you by the ever hated Slashdot Lexical Patrol ( also known as SLaP), who believes that language is form of code and believes code should be well formed, it's terminology and functions properly called and invoked and even. . .gasp, beautiful.

      Our patron saint is William Strunk, Jr., along with his acolyte E.B. White and our Demigods include such figures as Gibbon, Thoreau, Conrad ( who managed in a "foriegn" language no less), Yeats, Voltaire and Kipling ( The OS booted up like thunder!).

      Just as Knuth is ( and should be) venerated, so should geeks venerate and study the "code" of these honored figures.

      We all write faulty code at times. It's no shame to have to debug and reversion. . .or even have our code corrected by an outside party if that's what it takes to make beautiful code.

      In fact, I rather imagine that some of the more ironically inclined are about to take a hearty whack at this missive itself.

  • This seems obvious to me. Come up with a license agreement for the source that specifies what your customer is allowed to do with it. The restrictions you outline seem reasonable, you want to protect your interests, they want to protect theirs. Hell, get a lawyer to draw up the contract for you, and you will have legal recourse if the company breaches the contract and tries to sell a competing product.
  • Simply make certain that whatever license you offer them does not include permissive privileges. Then make certain that the exclusions are obvious: both orally and in writing. This, of course, won't prevent them from trying to screw you anyway, if that's what they want to do. However, if you have clear and present documentation both outlining the rights, and the lack thereof, you will have an open and shut case in court. Do make certain that you don't do this under a work-for-hire clause. This *grants* them all rights. And for goodness sakes, get some legal counsel. Sheesh.

  • Contractual Clauses (Score:5, Informative)

    by il_diablo ( 574683 ) on Tuesday November 26, 2002 @05:07PM (#4762068) Homepage
    Look into a Exclusive Use [gag.org] rights clause in your contract. There's nothing saying that you can't agree to let them use the software and have a copy of the source as a deliverable. However, you can limit their ability to resell/reuse the component.

    Additionally, create an Intellectual Property clause in the contract spelling out specific ownership rights/responsibilities.

    Insert IANAL comment here.
  • This seems bad... (Score:3, Insightful)

    by sterno ( 16320 ) on Tuesday November 26, 2002 @05:08PM (#4762077) Homepage
    They may at their discretion hire others to modify the code, but would still be required to pay their maintenance contract and be prohibited from reselling it or using it to run an additional business

    So, you've got the possibility that you'll be responsible for supporting the product even though other people are modifying it? How are your people going to have expertise in the work being done by these others?
  • by Valdrax ( 32670 )
    A) This is not open source you're talking about at all. You don't understand the term, obviously, or are abusing it to somehow seem relevant to Slashdot.

    B) This is purely a legal question. Ask a lawyer. It's all a matter of the contracts. The first company I worked for did exactly the same thing for one of their product lines, a COBOL-based transaction processing system. You got the code, but if you wanted support, you had to pay us. You couldn't resell the code without getting your ass sued off. It's just that simple. There is no technical solution to it. You just make it very clear that you can take them for all they're worth if they resell your code.

    Get a lawyer. Leave the work to them.
  • I am not a lawyer and this is not legal advice.

    You need to see an IP lawyer. He will tell you to write an agreement then he will revise it. He will include provisions in the agreement that spell out your protection under copywrite, trade secret and licensing issues.

    You really do need to get a lawyer for this. I've written many agreements myself and am good at it, but would defer to a lawyer on this one.

  • by Tim_F ( 12524 ) on Tuesday November 26, 2002 @05:09PM (#4762086)
    They are paying you to code something for them. You are a contract firm. What you code for them is their property. Would you get to keep your code if you worked for a company? No, the code would belong to them. This company is paying you for the code, and so, when you are done, then the code belongs to them. They lose their monetary investment if you get to keep the code and resell it to their competitors.
    • I disagree. The company is contracted to deliver a product (a compiled and working program or perhaps a license for that). All the knowledge they gather during the construction of the product belongs to this company. The source is a reflection of that knowledge. Giving away the source is just an extra 'service', so the client has the opportunity to make future adjustments to the product.

      Then again, I could be completely wrong here.

    • by Phillip Birmingham ( 2066 ) on Tuesday November 26, 2002 @05:28PM (#4762315) Homepage
      This company is paying you for the code, and so, when you are done, then the code belongs to them.

      Wrong. The company is paying you for whatever the contract says they are paying you for. No more, no less.

    • by JLavezzo ( 161308 ) on Tuesday November 26, 2002 @05:30PM (#4762341) Homepage
      If I'm an architect and design a house for you, you get to live in the house. But if an architecture magazine publishes an article on it, I get the royalties, not you. And it's my reputation as an architect that is improved.

      The actual issue here is, "How much is the client paying for?" Are they buying use of the end product? of course. Are they buying all rights to and use of the design or source? Probably not all rights and use. So, therefore, the challenge is to work out an equitable and profitable distribution of rights and use between the original client and the artist/programmer.

      This post is asking, "What are the methods that are established for describing who gets which uses and rights on a piece of software that was part of a custom contract?"
    • Guru.com has something else to say. [guru.com] They say if you are not an employee, you keep the copyright to the code. The people who pay you to develop it are granted a nonexclusive right to use what you've created. The fact that they get something that accomplishes their goal is their monetary investment coming back to them. Not the right to sell and resell the code to make millions while paying you a few thousand.

      That's just what guru.com says, and it is always best to have everything in writing, and it is always best to consult a lawyer, not a site like guru.com (or even slashdot.org, although we all love pointing out this fact every time this question arises over and over!)
    • I'm getting married next year, and my fiancée and I, like most couples, are hiring a photographer.

      We hired the photographer to take OUR images, when TV news crews do that, they need to have you sign a release to use the footage. Your likeness belongs to you, and no one else.

      For $5000 you'd think we own the photos right? WRONG! The negatives are held by the photographer. Each photo has a "Do not duplicate" stamp on the back....nice huh?

      I think i'm going to start charging my clients for all the computers and network gear I install, but i'm going to have them sign an agreement saying I own the gear, and they have to pay me to make any alterations to the network or systems! Can you imagine that?


  • by SmoothOperator ( 300942 ) on Tuesday November 26, 2002 @05:09PM (#4762093) Homepage
    If you offer them outstanding service and support throughout the time they use your product, they will come back over and over again to you. They will want you, and only you to maintain the code, as well as to provide upgrades. If you start jacking them up, have poor business relations with them, they will look for alternatives, and they will take your code, no matter how many clauses you place in your EULA.
  • by Anonymous Coward
    I negotiated with people similar to your firm MANY times and got source code that I changed on occasion but mainly just overviewed what I was being billed for.

    I have FULL source to the entire PRIME operating system (Primos), and full source to many things I ran on that mini-computer mainframe.

    I had full source to ADP's Manage 2000 system. (over 100,000 dollars per copy per machine)

    All sorts of things.

    I did some amazing hacks and rewrote some crital bits, but mainly I wanted the source because only an idiot would trust a rinky dink outfit like yours to follow up on an escrow arrangement if you went belly up.

    deal with it.... your precious source means NOTHING to the customer but comfort. YOu can salt it with lots of identifying special lines and variable names and sue for millions if they ever give it to someone that cares about your damned source.

    No one is going to exploit you... they will merely see if you are billing correctly for mods.

  • Trust (Score:5, Interesting)

    by bytesmythe ( 58644 ) <.bytesmythe. .at. .gmail.com.> on Tuesday November 26, 2002 @05:09PM (#4762098)
    Technically speaking, there really isn't any way to prevent this. If they are to have maintenance access to your code, then there is no way to keep them from giving the code to someone else.

    The only thing I can think of that might work would be to add extensions to the language you use (like extra keywords) and provide your own closed-source compiler, which is hobbled so it only works on the original system, perhaps with some kind of hardware dongle, or net connection that connects to your server to verify the compiling machine's serial number and some cryptographic key.

    This wouldn't prevent it from being hacked, but it might make it difficult enough to make the prospect less likely.
    • Re:Trust (Score:3, Funny)

      by argel ( 83930 )
      The only thing I can think of that might work would be to add extensions to the language you use (like extra keywords) and provide your own closed-source compiler, which is hobbled so it only works on the original system, perhaps with some kind of hardware dongle, or net connection that connects to your server to verify the compiling machine's serial number and some cryptographic key.
      This wouldn't prevent it from being hacked, but it might make it difficult enough to make the prospect less likely
      And if they did hack it you could have the FBI pay them a visit for violating the DMCA!
  • Copyright Law... (Score:4, Insightful)

    by loucura! ( 247834 ) on Tuesday November 26, 2002 @05:11PM (#4762112)
    Assuming you are in the United States, your work is still covered under US Copyright law. Just because you are giving them access to the source code, does not give them redistribution rights, or the right to make a derivative without expressed permission.

    So, all you should need is an (C) Your Co.
    All Rights Reserved.

    If that doesn't work, a handy lawsuit works wonders.
    • It DOES give them redistribution rights, actually, under the First Sale doctrine. The same rule that lets you buy a book or CD, then sell it used.

      It has to be the same copy as originally purchased, and you couldn't keep a copy of that for yourself, but it could be redistributed.

      They may also be able to create a derivative work if it is sufficiently remote from the original, as well as make fair use of it, etc.
  • too late? (Score:2, Interesting)

    Shouldn't you have figured this out before even writing the first line of code? The fact that they want source code is a pretty good indication that they think they "own" the software you are developing for them. And that makes a lot of sense since I don't think that any company is going to finance the development of software that will end up potentially benefitting the competition. You better get yourself a lawyer and send her every scrap of documentation and agreements you have with your client to make sure you understand the situation you are in.
    • Also, take a long, hard look at the contract you signed with the client... and I mean, a *hard* look. Do you see the phrase "work for hire" anywhere?

      In other words, call your friendly contract attorney.

  • ...your code will be safe and warm.

  • My company (Score:5, Informative)

    by RudeDude ( 672 ) on Tuesday November 26, 2002 @05:13PM (#4762147) Homepage Journal
    My company (I'm a founder and co-president) has dealt with this type of things many times. The bottom line has been we put a license and ownership statement in the contract.

    There are two basic ways (as we see it) to do this. Keep ownership and grant a license that has a specific list of allowed uses or just the reverse where you give them ownership but retain specific license for yourselves.

    You can usually make it work as you need it with either party having ownership, since ownership just means they have final say, can change the license, and get any non-specified (default) rights.

    Keeping in mind this is only one small part of the whole contract and I don't promise this is safe or useful for you as it is... here is a paragraph right out of our standard contracts:

    (b)Grant of License. Steem hereby grants to Client, upon the terms and conditions set forth in this Agreement, a non-transferable, non-fee bearing, single use, worldwide right and license, without the right to sublicense, for software developed by Steem for use with the Web Site. Any artwork, graphics, or designs created to Client specifications for use in the Web Site become property of the Client upon the Web Site Launch. However, Steem retains the right to display any created artwork, graphics, or designs as part of Steem's portfolio of design work. Steem retains sole rights and ownership of all interactive code. The provisions of this Section 7 will survive indefinitely regardless of the completion or termination of this Agreement.

    • Re:My company (Score:3, Informative)

      by jmcharry ( 608079 )
      Having been on the other side of a number of these, that is a good start. We usually wanted the right to make and use as many copies as we wanted inside the company, and the rights to read and modify the source. Sometimes we granted an unlimited license to the modifications back to the original vendor if they wanted to add them to the maintenance bundle. Starting with something like this boilerplate and keeping an open mind to modifications from both sides can produce a fairly detailed list of rights, but one that avoids any disputes in the future. Sometimes, if the vendor doesn't want to cough up the source code, there is an agreement to put a copy in escrow with a third party in case the vendor goes casters up. I can recall once when we did this. Turns out the working level people on both sides just shared the source anyway, which wasn't a problem.
  • Redundant I know, but if enough people say it you might believe it. Get a lawyer. The only way to resolve the issue if it comes up is through a lawsuit and when that happens you are going to want to have an airtight case.

    Get a lawyer.
  • For what purpose? (Score:3, Insightful)

    by perrin5 ( 38802 ) on Tuesday November 26, 2002 @05:18PM (#4762194) Homepage
    Here's a question for you:
    You said "for their protection". Protection from what, precisely?
    If they are concerned that you, as a company will cease to exist, and they will no longer be able to modify their code, then the previously mentioned escrow service should be perfectly fine with both of you. If this is another issue, the question of relevance comes to mind. If they want it to be sure that the software is "secure" from buffer overflows, etc, then you will need to hire a lawyer and write some sort of ironclad document to make sure they can't steal it, sell it, or claim any royalty fees on it. If they want it for any other purpose, I don't see them having a ligitimate claim to the software. I mean, sure, they're your employers, but unless there was something funny in the bid documents, they probably don't have any "right" to see the code.
  • ...you need a lawyer. And probably not the cheap kind. Asking a bunch of anti-Microsoft zealots and Star Wars fans this kind of question can only lead to heartache.

    More seriously, this really is a legal problem. I don't know if you were looking for a technical solution or not (I got the impression you might be), but the short answer is that it doesn't exist - once they have the ability to look at the source, it's a matter of their honesty and your ability to detect and prosecute infractions.

    If you must try a technical solution, you could maybe attempt some kind of crypto-escrow: They get the code encrypted, and if they ever want to look, they have to buy the key - or if your company folds, you are contractually bound to give it to them gratis. But you'll probably have trouble getting your client to go for that, as it really doesn't offer them any advantage over you just giving them the source (except perhaps some liability protection).

    Good luck,
    - B

  • by gsfprez ( 27403 ) on Tuesday November 26, 2002 @05:19PM (#4762213)
    I don't mean to sound flippant.. but i'm in a line of work where, when i work during the day, i assume that that work is done, and that tomorrow, i'm going to get paid for working tomorrow.. and not to keep getting paid and repaid for the work i did last week.

    Is the concept of "pay me for work" completely dead? Must everything be "pay me for work, and keep paying me for years later too?"

    Why do you not just simply charge them for getting a job accomplished, and then, if they want you to come back, tell them it will cost them more money?

    If you think that there is something to your work, and if the source code get distributed, then you may see that others will want to pay to have you come and work for them to help them integrate whatever it is that is so wonderful that you wrote up.

    What you sound like you want is "pay us now, but we want to hold our code hostage so that any time someone uses it, you want to get paid."

    If you were to ask 3 times as much for your work, and they got an unlimited use of your code, would that be sufficient?

    IANACIAAA (I am not a coder, i am an analyst), so please, this is not a "you suck" post.. this is an honest question.... where does my idea fall flat, if it does, please tell me, i want to be educated.

    So that you can get a sense of where i'm coming from.... what i do every day is i sell out my brain power (and those of my partners here) by the hour.

    I get paid to give someone a analysis of this, or an analysis of that... and i tell them "that will take 6 months and cost you $100,000". My reputation is good, so i get more people to come back to me and keep hiring me to do more work for them.

    I do not hold my output hostage.. .i give it freely to the companies, and their use of it is what they will of it, except that they must reference the writer - me - when they use the data. They are not allowed to say "this analysis was done by us" I only ask that they say "this analysis was done by gsfprez".

    What else they do with the data, i don't care, and its not my business....I have gotten plenty of work simply from others seeing my output, and they were impressed.

    My customers always have new problems, and i'm here to help them when those problems come up. They also have partners, and so, they come to us for help because they saw what were were able to accomplish.

    When they do, they ask me how much it will cost.... they pay us then....

    rinse, lather, repeat.
    • by JordoCrouse ( 178999 ) on Tuesday November 26, 2002 @05:43PM (#4762459) Homepage Journal
      Is the concept of "pay me for work" completely dead? Must everything be "pay me for work, and keep paying me for years later too?"

      Why do you not just simply charge them for getting a job accomplished, and then, if they want you to come back, tell them it will cost them more money?

      In a business situation, its never about just paying for software, and you are done. Nobody wants to pay $100,000 dollars for a chunk of software, have a CD arrive in the mail, and have that be it. They want the peace of mind of knowing that bugs will be fixed, support will be offered, and most importantly, that the expertise of the developers will be available to them if they choose.

      No offense, but this isn't just a report or some finite amount of data that you provided. This sort of thing always goes way beyond just delivering a binary.

    • There's a huge difference between a programmer and an analyst, as you describe it. Programmers create an eternal product, that is source code that solves a particular problem. Often, problems are recurrent and the same solution will work in an infinite number of cases. If you have access to the source code, it can be adapted to meet the changes in problem parameters. Some programmers can make it their life's work to maintain a single solution-giving set of source code, and get paid well to do so.

      Analysis of a problem doesn't solve anything directly, so you work in a service-oriented field. It's information to be used or not used, but at the end of the day, you haven't solved the problem being analyzed. They might hire 20 analysts (wastefully) to provide insight or estimates, and they might all disagree, and they won't have solved the problem. However, after a programming team does their work, the problem is solved now and forever. Programmers are content/solution producers. Analysts are not.

      I'm not judging either field. I'm simply stating that your analogy and your plea for "A Day's Pay For A Day's Work" is meaningful ONLY in a service oriented profession. Otherwise, you'd have musicians that could never get paid more than once for making a recording, and authors that would always get paid one time for a book, or programmers that could never sell the same software several times. Do you see the difference?
    • by rabidcow ( 209019 ) on Tuesday November 26, 2002 @06:19PM (#4762796) Homepage
      Is the concept of "pay me for work" completely dead? Must everything be "pay me for work, and keep paying me for years later too?"

      It's not that, it's distributed payment for work. It's "I want to be paid in full, but they don't want to pay that much so we'll compromize."

      Let's say a coder produces a program at $100/hr and it takes 4,000 hours. This will cost $400,000. No one wants to pay $400,000 for that software. This company in question specifically does not want to pay $400,000.

      So what do you do? You sell it to them cheaper and say "but you can't sell this to anyone else, because you haven't fully paid me for it."

      It's like a rental, except it's not time based because no one ever has to return it. Instead, it's instance based. You rent x copies of the code, forever. To be fair, they should be able to sell their copies so long as they stop using them (and don't sell more than they've bought).

      Now eventually the coder may have made the full cost of the software, been fully compensated. They could release it for free after this, but software isn't a sure bet. You can have one product make a substancial profit and have another be a total loss. If the potentially profitting projects were cut off when they had been fully paid, all software companies would lose money.
  • by Flamesplash ( 469287 ) on Tuesday November 26, 2002 @05:19PM (#4762214) Homepage Journal
    First off there are other companies that "license" their source code, like ICS [ics.com]. You could always find one of these companies and ask them how they do it.

    Second, this does simply sound like a licensing issue. You trust your customers not to hack the license keys for the binary form of your product, or to redistribute it. So perhaps it's all about trust....
  • answer (Score:4, Funny)

    by mr_gerbik ( 122036 ) on Tuesday November 26, 2002 @05:22PM (#4762235)
    "How do you provide open source without escrow, yet protect what we are documenting up front as out intellectual property rights in the ownership of this code?"

    By hiring yourself a good lawyer.. and not taking law advice from a bunch of pimple-faced /. know-it-alls.

  • Sure, I may be flamebait for this. Maybe. But if you used Palladium (when it comes out), then you could maybe protect it from modification. That doesn't mean they can't mod-chip the computer somehow or simply print it and scan it back in. But if they were just looking over the code to check for security problems, using Palladium or just giving them a hard copy could help. I mean, if the code is 50,000,000,000 pages long it's not likely they're going to go back and steal it... [end rambling]
  • I think that I can help, but I need more information.

    Can you send me a copy of the code in question and I can get back to you on what to do.

    Warmest Regards
    Guy Montag
  • by grub ( 11606 ) <slashdot@grub.net> on Tuesday November 26, 2002 @05:25PM (#4762276) Homepage Journal

    GPL: The Guido Public License


    The licenses for most software are designed to take away your freedom to share and change it. By contrast, the the Scarpelli family's Guido Public License gives you more freedom with the benefit of protection for you, your family and your business. The Guido Public License applies to most of the Scarpelli Family Software Foundation's software and to any other program whose authors commit to using it. (Some other Scarpelli Family Software Foundation software is covered by the Guido Library General Public License instead.) You can apply it to your programs, too.

    Accidents, fires and floods happen. The Guido Public License protects you.

    We protect our rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy and distribute the software.

    Failure to abide by the rules of any of the Guido Public Licenses will mean a visit from Guido Scarpelli himself.

    You don't want that.

  • I assume you are not asking how to do this, for that you need a lawyer, but asking if it is doable. The company I work for develops custom software and provides source licences.

    In one case, client has the source, but the company owns the rights and if the client modifies it, all warranties are void.

    In another case the client has the rights to use the code, but pays a license fee for each instance. Yes, you can have your cake and eat it too.
  • Yes, it's yet another entry in a long line of 'Ask Slashdot' articles that should have been entitled 'Ask My Paid Legal Counsel'.

    It's really quite simple: you have complicated legal requirements. Therefore, you require a well-paid lawyer who understands the legal implications of what you're requesting, to write up a detailed unambiguous contract.

    /. will give you a bunch of one-liner responses and general advice, but that's about all we can do for you. We Are Not A Lawyer.

  • by nsayer ( 86181 ) <nsayer @ k f u . c om> on Tuesday November 26, 2002 @05:31PM (#4762348) Homepage
    Open source implies that they have all the rights you specifically say that they will not be granted. Your scheme is closer to Microsoft's Shared Source scheme, or what we often refer to as "source under glass" - Look, but don't touch. Source, yes; open, no.

    I'm sure there will be those here who will take an activistic viewpoint and urge you to do something different. I will not. You have every right to release code under any terms and conditions you may legally obtain, and more power to you. But my opinion is that you ought not use the phrase "open source" unless it meets the OSI mark requirements (which your plan most certainly would not).
  • There are two sides to this question: a pragmatic question and a legal one.

    Pragmatically, if you provide them the source, there is no practical limit to their ability to modify, redistribute or sell the code.

    Therefore, it falls back upon the legal system: you need a contract that you can both agree that protects the intellectual property rights
    that you think are important to preserve.

    Of course, none of this has even the tiniest bit
    to do with open source. The restrictions on
    modifications and redistribution that you seek
    are explicitly disallowed by any definition of
    open source licensing you are likely to run accross.

    Frankly, I'm unsure why any business would pay
    you to develop software that they integrate into
    their business but for which they retain few
    rights in the future, but you might be able to
    hoodwink them into such a circumstance.
    It probably would be easier to get them to agree to
    a true open source license, where both parties
    retain the same rights to modification and redistribution

  • > How do you provide open source without escrow,
    > yet protect what we are documenting up front as
    > out intellectual property rights in the ownership
    > of this code?"

    This has nothing to do with Open Source. You're just looking for an ordinary source license such as companies have been using for decades. Hire a lawyer.
  • by dubbayu_d_40 ( 622643 ) on Tuesday November 26, 2002 @05:36PM (#4762392)
    Add a clause to your license/contract preventing the sale or redistribution in source or binary form. Don't get a lawyer. Find an existing clause and paraphrase it.

    An honest client simply needs to know the rules. If they are unsure of your intent, their lawyer will ask you to clarify.

    Even if you got a lawyer to write it, a crook isn't going to care...

  • by JeanBaptiste ( 537955 ) on Tuesday November 26, 2002 @05:42PM (#4762452)
    Thats my job-security. Nonsensical variable names, meaningless functions etc... It would be a nightmare for even a very experienced programmer to decipher some of my source codes, especially for larger programs... So spaghettify the source code then give it to them. In 5 years when they figure it out it probably wont matter much by then, as it would be quicker just to re-write it from scratch.
  • by jimmajamma ( 315624 ) on Tuesday November 26, 2002 @06:31PM (#4762882) Homepage
    if you can believe that... its amazing how someone asks a simple question, looking for input, and all the majority of slashnerds (no offense, im one of them) can do is flame about what the previous nerd said. Get back in your cage.

    This is an excerpt from one of our (my small consulting firm) contracts, where we are trying to achieve something similar, but unfortunately not exactly the same. I think it will help though.

    For background, in this case, we were trying to maintian rights to the tools we developed, on the clients time, as ours, while they maintained rights to the end result - the product(s). This was to protect us for being good consultants, not building everything from scratch, as well as spending time to build reusable tools to help us build the product faster and better, and make maintenance and continuing development simpler.

    I can post more of the contract if necessary, but I think this is the most pertinent.

    Also, to all the "get a lawyer" folks, although you are right, he should, when drafting this contract, it was very helpful, and much more economical, to start with a contract that was similar to what we wanted and to make modifications, than it would have been to start from scratch. Lawyers are expensive.

    8. Deliverables.

    8.1 Work for Hire. The Consultant acknowledges that the Company is retaining the Consultant's services to, among other things, provide and/or produce original works for the Company, under the Company's direction and supervision, as identified in properly executed Statements of Work incorporated into this Agreement. The Consultant hereby assigns to the Company all right, title and interest in and to the Deliverables as "works made for hire."

    8.2 Transfer of Rights. The Consultant acknowledges and agrees that the rights purchased by the Company comprise all rights in and to the Deliverables of every kind, nature and description, including, but not limited to, (i) the Deliverables themselves; (ii) the right to secure copyrights and/or patents thereon anywhere throughout the world, in the Company's name or otherwise; (iii) any and all publication rights therein in whatever form; (iv) the right to use, license, exploit, sell or otherwise dispose thereof in any manner and for any purpose the Company or its assignee sees fit; (v) any and all subsidiary rights therein; and (vi) a right of first refusal to obtain, upon terms equal to those offered to any third party, any and all rights therein which may revert to the Consultant by statute or otherwise.

    8.3 Grant of Rights to Consultant. The Company hereby grants to the Consultant a perpetual, non-exclusive, worldwide, royalty-free right and license to use the Deliverables in connection with the Consultant's conducting of its internal business and in order to facilitate the Consultant's providing services to the third parties; provided, however, that the Consultant may not sublicense such rights to any third party without the Company's prior written consent.

    8.4 Assistance in Obtaining Rights. The Consultant furthermore agrees that, for a period of one year from the expiration or termination of this Agreement, it will execute any documents, give testimony or do anything reasonably required by the Company, at the Company's expense, to assist the Company in obtaining, enforcing, and/or renewing copyrights and other legal protections for all Deliverables hereunder created and/or developed. The Consultant will be compensated at Consultant's then current rates.

    9. Tools.

    9.1 Ownership. The Company acknowledges that in the course of developing or implementing the Deliverables, Consultants may develop certain software or methodologies for the development, maintenance, or support of the Deliverables ("Tools"). Tools are not required for the intended use of the Deliverables, but merely assist in the maintenance, development, or support of the Deliverables. Notwithstanding anything to the contrary in this Agreement, Consultant will retain and own all right, title and interest in and to the Tools, including, but not limited to, copyright rights.

    9.2 Grant of License to Company. The Consultant hereby grants to the Company a perpetual, non-exclusive, worldwide, royalty-free right and license to use the Tools in connection with the Company's maintenance, development, or support of the Deliverables and other Company development efforts outside the scope of the Agreement. The Company and its successors shall not sublicense, assign, provide or sell the Tools to any third party.

  • by Timothy Brownawell ( 627747 ) <tbrownaw@prjek.net> on Tuesday November 26, 2002 @06:36PM (#4762927) Homepage Journal
    Why not let them have the code under standard copyright law? No extra EULA, no extra license. My understanding is that this would let them change it as needed, but not sell/give away your code, or the modified version.


  • GPL (Score:3, Interesting)

    by hackus ( 159037 ) on Tuesday November 26, 2002 @07:44PM (#4763512) Homepage
    My company GPL's everything we write.

    We only charge access to the cvs server (basically a subscription).

    This is for companies who find they want to manage the code themselves, or hire thier own programmers.

    IN the end though, you still need programmers. Whether it be us, or someone else, they will have to contribute those changes back into the community.

    So, many companies stick to component subscriptions, and then use the API's against software they write explicitly, which is private.

    Very similiair to what Nvidia does right now with XFree86.

    The company gets too keep thier software process unique, and fundamental to thier business edge. (i.e. nobody can buy the process they use...)

    While at the same time, the components they use to power that software get updates from said company to our cvs server for others to use.

    Very nice arrgangement. I haven't found any company yet that has had an issue with the GPL cvs server arrangement we use.

    We are a component company.

  • by RobinH ( 124750 ) on Tuesday November 26, 2002 @09:57PM (#4764380) Homepage
    This is a very common issue at the company I work for. Any company that does custom engineering work (we do computer hardware, electrical design, installation, and of course software) for more than a single customer MUST retain ownership of their code simply because you can't afford to rewrite all of your software every time you get a contract with a different company.

    When we quote a project, we do it based on the amount of work it will take to accomplish it, but we don't sell them hours of engineering work. We sell them a working system. If we budget 500 hours and it takes 1000 hours to write some custom piece of software, the customer doesn't have to pay us twice as much for the project. We sell them a system, with the license to use the software, and we give them a copy of the code as a deliverable for them to modify and use for the specific system we sold them.

    Most people think companies like ours try to retain ownership so that the customer has to pay us royalties, but the fact is, we rarely, if ever, charge for maintenance. We sell a warranty with the system, so we fix any bugs that arise. If we do a good job, they hire us back to make changes to the system, which we do get to charge for. However, our customer can just as easily go to a different company and hire them to make the change, because our software license permits that.

    The real reason we have to retain ownership is so that we can freely copy portions of code from previous projects to use in future projects. Say, for instance, we wrote a code module that abstracts a certain piece of hardware. If we used that same piece of hardware on another project, we would want to use the same code module to make our life easier. Unfortunately, if our previous customer owned the software, we would have to pay THEM royalties to use that software!!! The fact is, retaining ownership of that code gives us a competitive advantage in future projects, because some of our development is already done, so we can try to under-bid our competition (who are doing the same thing we are, by the way).

    In fact, writing software today is rarely a case of writing code from the ground up, and selling it to someone. Now our job is to take existing pieces and put them together to form a system. That's why companies in our industry are called "Systems Integrators".

Recent investments will yield a slight profit.