Avoid Risks Associated with Software Licensed Through ISVs

Independent software vendors (ISVs) constitute a diverse group of businesses whose core business model typically consists of utilizing third-party software infrastructure and development platforms (such as Microsoft SQL Server or IBM WebSphere Application Server) to create targeted solutions for their customers. ISVs have become a fixture in today’s marketplace for information technology solutions, and most large software companies have programs and licensing models specifically intended for use by ISVs. However, while the return on investment for ISV-delivered solutions is very high in many cases, it is critical for potential ISV customers to be aware of opportunities for legal exposure that can arise when one company’s software products are licensed through in independent vendor.

First, the license that accompanies an ISV’s solution typically includes terms that are specific to the third-party technology utilized by that solution. ISV customers need to be familiar with those terms in order to avoid liability associated with possible over-deployment of the third-party products. For example, many of SAP’s client-relationship management solutions use IBM’s DB2 Enterprise Server software as the associated runtime database. The DB2 license grant included in SAP’s end-user agreement typically allows the user to install the DB2 software as widely as necessary in order to use the SAP solution within licensed limits. However, those terms also expressly limit the use of DB2 to functions related to the SAP solution, and business that use that DB2 software for any other purpose incur the obligation to ensure that those DB2 deployments are independently licensed through IBM. Therefore, in the event of a software audit initiated by IBM, past inattention to the use of SAP-licensed DB2 installations can result in significantly increased licensing exposure.

In addition, it is important to keep in mind the fact that a business’ license to use third-party software in connection with an ISV’s solution is only as good as the rights acquired by the ISV. To the extent that the ISV has failed to secure adequate pass-through license rights through the platform vendor, any license purportedly granted to the end user is potentially worthless. Businesses need to remember that copyright infringement is a strict-liability offense, which means that a belief that software was properly licensed through an ISV is no defense to liability for unlicensed installations (though it may help to mitigate the amount of a damages award). Therefore, it is critical for a business to ensure that its agreements with ISVs include terms requiring the ISVs to provide indemnification for third-party infringement claims. In cases where an ISV is relatively small or otherwise may not have adequate resources to deliver on a duty to indemnify, it is not inappropriate to request that it acquire appropriate insurance coverage against such claims.

Companies are well advised to seek input from knowledgeable licensing counsel where there appears to be potential for risk associated with ISV solutions.