Law firms: Baker & McKenzie LLP

January 10, 2023 - In an effort to generate revenue, often under pressure from stressful market conditions, many companies lose the ultimate value of the IP they have worked hard to create. In the rush to go to market, to license to third parties or to create new software-as-a-service (SaaS) offerings, companies unknowingly give away IP assets, including access to source code, which not only diminishes the value of their IP but also lowers their overall company valuation in an exit such as a merger or acquisition. In this market, where every dollar counts, we explore how this happens and how to protect against this common IP foot fault.

Once upon a time, the term "tech company" was associated with only the most cutting-edge companies: those that developed new and innovative software products and put out sleek pieces of hardware. Now, you would be hard-pressed to find a company that doesn't have "tech" in some capacity. Businesses are adopting automated processes, making their services accessible via mobile applications, and replacing mechanical aspects of their products with all things digital. This increased adoption of "tech" has created opportunities for innovation, but it has also created new vulnerabilities and risks that businesses must consider.

Proprietary source code is one of the most valuable commodities a company has, yet source code leaks are risks to which even the largest and most sophisticated entities are susceptible. A source code leak may not have urgent and immediate ramifications in the same way that, for instance, a data breach does. Nonetheless, a source code leak poses significant risks to a company's intellectual property and the integrity of its software. Further, bad actors with access to the human-readable code can analyze it to obtain proprietary algorithms or identify vulnerabilities in the software.

What source code protections exist?

Copyrights protect the literal components of source code. However, copyright protection extends only to the specific expression and not to the functional aspects of the software; therefore, copyrights cannot protect against a third party's use of the proprietary algorithms or exploitation of vulnerabilities found by analyzing the source code. Any infringement claim will be judged based on the substantial similarity between the claimant's source code and the allegedly infringing source code. The protection will be further limited to the specific version or publication of the source code, as each iteration is considered a separate literary work.

On the other hand, patents protect the functionality of source code. In other words, they protect the underlying invention (processes, algorithms, methods of operation, etc.) rather than the source code itself. Accordingly, a patent may provide protection against the use of any exposed proprietary technology. However, unlike copyrights, which automatically protect works from the moment of creation, patents must be obtained by showing and claiming a patentable invention in front of the relevant jurisdiction's patent office.

Obtaining a patent for software can be an onerous process, and enforcing the patent may be even more difficult and unpredictable. In any case, patent protections do not cover the source code itself, nor any valuable information, whether it is business information or security protocols, found therein.

Trade secrets are more effective in protecting a company's valuable assets embedded in source code. Trade secret protection extends to information that is commercially valuable as a secret, given that reasonable steps are taken to keep the information secret. This encompasses technical information such as proprietary logic and algorithms as well as security information contained in source code.

The key to trade secret protection is that a company takes "reasonable steps" to protect the confidential assets. Confidentiality agreements and policies, both internal and external, along with physical and digital security measures, are important factors in securing trade secret protection.

In the event of a leak, a company can generally seek legal protection and remedies for disclosure of its software and source code based on copyrights, patents and trade secrets, but the following best practices can help you avoid an issue in the first place.

Best practices to protect source code

Secure software development practices at all stages are essential for not only protecting source code from any leaks or misappropriation but also securing legal protection as a trade secret. Ensuring that security requirements are in place and known by all involved personnel is crucial. Having specific personnel whose job is to secure the source code is even better.

The tools used in developing the code should be selected, operated and maintained with care and with a focus on security. Further, the tools should be configured to generate artifacts of development practices and standardize the style and formatting of source code.

Managing access to the code is the next most important "reasonable step." For trade secrets, courts have found that information cannot be deemed "kept secret" absent access restrictions. Clear communication of the security requirements with third parties is particularly important, as is regularly documenting and maintaining the security infrastructure, including in commercial contracts with customers and business partners. These specific procedures are viewed favorably by the courts, if a leak scenario should come to that.

A principle of least privilege, under which only strictly required personnel are authorized to access the code, is recommended. Also recommended is storing all source code in a code repository where access is restricted based on the nature of the code and where version control features track all changes made to the code. Furthermore, source code should be periodically reviewed to identify vulnerabilities and assess potential risks.

Growth mindset

All of these steps are valuable not only for a company's IP concerns but for its financial concerns as well. Many small and medium-sized companies are still growing, developing and seeking potential exit opportunities. Making sure that valuable IP stays valuable helps to keep a healthy valuation for your company. As small companies grow, or larger companies switch business models to a software-as-a-service (SaaS) model, proper source code protections sometimes fall by the wayside.

As you develop source code, a few key practices can make a huge difference in making sure your product is protectable and excludable:

• Version control — With proper version control, you can make multiple discrete versions of your source code so that you have other iterations to claim protection over even if one version is compromised.

• Discrete product versioning — Even if you use a SaaS approach with your customers, make sure you are providing support for discrete services, or discrete versions of the associated product being provided. When using SaaS, it can be tempting to give your customers carte blanche access to everything your team comes up with, but this can make it harder to exclude intellectual property should something go wrong.

• Seek confidentiality protections and intellectual property retention with customers — It can often be hard, especially when dealing with customers much larger in size, to get proper ownership of intellectual property and control over software in your commercial contracts. Push back on this where possible, as having given away all your valuable code may be a hindrance when valuing your company.

Intellectual property and software ownership is not a purely defensive gambit. Adding valuable assets to your company can help you leverage better growth, better products and better valuations in mergers and acquisitions.
