Intellectual Property

Risk Management

IPX
Intellectual Property Management

Content Copyright 2004 IPX, Inc. All Rights Reserved. www.ipxco.com

IPX: Intellectual Property Risk Management

Intellectual Property (IP) is one of the least understood and most poorly managed assets of most
organizations and may represent either the single largest revenue opportunity - or the most significant
drain on profitability. In this document we address the need to manage the risks that are created by
the combination of IP management (esp. Open Source Software Management), Global Sourcing, and
Sarbanes-Oxley.

The Enterprise Intellectual Property Risk:

Open Source Software

While using Open Source Software (OSS) in the commercial world has potential advantages, it also poses
particular risks, especially in the areas of copyright, patent and trade secret infringement. One major obstacle
for the widespread acceptance of OSS in the enterprise is the uncertainty and doubt surrounding the labyrinth of
licenses and the terms and conditions involved with using OSS in proprietary products. Another obstacle is the
difficulty of tracking the origins and ownership of IP. Many companies are not well positioned to track and
document their code development, particularly when software development is outsourced abroad.

With the recent high-profile SCO v. IBM lawsuit alleging the inappropriate
disclosure and misappropriation of UNIX derivatives in open source code,
and the 31 lawsuits filed by Forgent Networks against large ISVs and hosted
service companies for failing to license the JPEG technologies, one is
reminded that enterprises must be vigilant in understanding where their
code comes from along with its incumbent restrictions, liabilities and risks.

By extending the open source software model to the commercial world, ISVs and enterprise developers are now
creating new products that integrate OSS in many different forms, such as databases, operating systems and
application servers. Many ISVs and enterprise developers are looking to OSS sources for ready-made solutions to
their product development needs. Currently, companies developing software who seek to leverage the many
benefits of OSS are dependent on their developers to identify potential OSS use. However, few employees
possess both the legal experience of dealing with open source licenses as well as the technical expertise to make
reliable recommendations about software development practices. Likewise, most development managers lack
the knowledge necessary to assess the legal ramifications of using a specific license for their commercial or
proprietary software. Meanwhile, the legal review causes costly delays in development while contracts are
reviewed. Companies without formal internal review processes run an even greater risk if "cowboy" developers
use OSS code that could later require publication of their proprietary source code and damage the software's
commercial viability.

Copyright 2004 IPX, Inc. All Rights Reserved. www.ipxco.com

IPX: Intellectual Property Risk Management

With so many licenses and so much OSS code available on the Web, companies must be extremely careful about
infringing third party intellectual property rights. They must also deal with complex licensing compatibility
issues when combining and modifying code modules from diverse OSS sources.

These challenges become almost insurmountable when one realizes that a company may have no way of knowing
if one of their staff or contract developers downloads and incorporates OSS code into their software without the
proper attribution. Copying snippets of code, even entire modules, and inserting it in proprietary ISV or
enterprise software products, is extremely tempting. Working under intense pressure, developers might use OSS
code without attribution, resulting in a company losing control over its licensing compliance and intellectual
property. If a software audit were to reveal infringing code, the company could be exposed to legal liability.

Potential Legal Pitfalls of Using OSS

OSS license requires restrictions in distribution and use of software.

Company learns it has infringing code in its software must make all additional
proprietary source code available as Open Source.

Software audit reveals infringing code, exposing the company to legal action (IP and
SEC) and monetary penalties.

A last minute audit reveals an IP compliance issue, causing a company to miss its
release date and possibly its window of opportunity altogether.

IP Compliance and Sarbanes Oxley

Sarbanes Oxley places significant financial reporting requirements on companies, and, in addition to being fairly
onerous in it's restrictions, it provides significant penalties for inaccurate reporting of financial risks. With the
trend toward global sourcing, the likelihood of open source software or some other proprietary software making
its way into a particular software product is increased. There is a real need to understand these risks and to
manage them.

The IPX Intellectual Property Risk Management Solution

IPX's approach to this problem is to utilize its tools to identify areas where open source software provides an
accurate, but simple quantitative assessment of the uniqueness of particular concepts. The more quantitative the
approach, the more conducive it is to automation, but we want the numbers to provide real insight for making
good real-time decisions.

Copyright 2004 IPX, Inc. All Rights Reserved. www.ipxco.com

IPX: Intellectual Property Risk Management

IPX has developed software tools that assess uniqueness in IP using simple Bayesian techniques. These tools
empower analysts to gain a perspective on where a particular intellectual asset fits in the universe of IP and
assess the uniqueness quantitatively.

Our analysis framework here is analogous to that

Cont
of determining the conditional probability of ent

e
ur
choosing an object or collection of objects with a Diff/Redline

t
uc
Rare Word
combination of characteristics out of a box. What

r
Analysis

St
is the likelihood that we would choose a patent Structural
Analysis
with particular key concept or set of key concepts? Developer
Tracing
This Combinatorial Bayesian Inference provides
quantitative assessment of the high level
uniqueness of a particular disclosure.

Solution Value

Our IPX management tools allow a company, under attorney client privilege, to assess its IP risk and correct the
problems before they become material. It also provides the means of:

Comparing your software with the corpus of open source software to determine possible
infringement.

Comparing patent, trademark, and product marketing materials to determine IP risks as

compared to the US PTO.

Comparing marketing materials of other companies to the product, patent, and

trademarks portfolios of the company.

Support any IP-related litigation including negating infringement claims and finding
prior art for cross-licensing.

About IPX
Observing the re-emergence of intellectual property concerns in the commercial world, IPX was formed to help
companies maximize the value of their intellectual property. With the trend toward global sourcing, even in IP-
rich spaces like software, combined with the advent of enterprise-hardened Open Source and Sarbanes Oxley, IPX
expanded its offerings from IP portfolio optimization to include IP-related risk management.
 For More information contact IPX Sales:

epowell@ipxco.com
Tel. (1) 512.426.4185

IPX, Inc.

IPX
4611 Colorado Crossing
Austin, Texas 78731
Intellectual Property Management
www.ipxco.com