The Eclipse Corinthian Project has identified areas where template and process documents would add value to legal processes involved in technology, specifically in the areas of procurement and M&A activities involving open source software.
The documents will be hosted in a git-based repository enabling open source development techniques and methodologies to be used. Anyone can raise issues with the documents, fork the documents (for example to create jurisdiction-specific versions of them), and issue pull/merge requests.
Release versions of the documents will be made available in markdown, docx and plain text formats, through a simple and clear web frontend, meaning that users who don’t wish to engage with the development process can easily access them directly. The liberal licensing model will allow unrestricted use, modification and re-distribution.
The initial set of documents was developed by Moorcrofts LLP, a law firm based near London, in England, in association with Orcro Limited, an Open Source Consultancy, also based in the UK. Moorcrofts and Orcro are both OpenChain partner organisations (openchainproject.org) and have been working in that capacity to develop:
1. a due diligence questionnaire and set of warranties for acquiring software from a developer using open source software; and
2. a due diligence questionnaire and set of warranties for use in M&A transactions involving a target which develops software using open source.
These will be hosted by the Eclipse Corinthian Project from day one. We also have a suite of documents drafted to facilitate the supply of services over the internet using microtransaction architectures, which have also been developed by specialist law firms in a number of jurisdictions worldwide. The roadmap includes the development of software intended to facilitate the drafting, assembly, storage and analysis of legal documents. For example, since drafting contracts shares many characteristics with writing software, we propose developing a module for the Eclipse IDE which facilitates this.
Due diligence and warranties for open source development: procurement and M&A
The open source procurement and M&A process has historically focussed on specific releases of supplied software (for example, by analysing the composition of that release, and reviewing the licences for each component within the release). This is becoming less and less effective as a means of analysing and determining compliance risk as software development moves to a CI/CD model (continuous integration/continuous deployment/development).
A much more effective approach is to focus the warranties on the development process itself, and the processes, policies and procedures which the developing organisation uses to manage that development process. An ISO standard, ISO5230:2020 (OpenChain), defines the characteristics that a development program must have in order to manage open source compliance risk effectively, and the standard lends itself to a framework both for due diligence and for warranties, both in procurement and M&A. The beauty of this approach is that it does not require that the target is compliant with, or even aware of, ISO5230:2020 (but it does mean that applying the process to a compliant organisation is that much more straightforward).
The initial set of due diligence questions for procurement has been developed using the ISO5230 framework, with input from many active members of the OpenChain project, and the procurement terms have themselves been adapted to form the M&A due diligence and warranty suite.
The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.