Which clause is commonly used to mitigate open source software risks in an IP transaction?

• A. Identify OSS components and licenses, assess copyleft implications, include disclosure and compliance programs; include disclosure schedules, OSS warranties, restrictions on incorporation into proprietary products, consent requirements for sublicensing, and indemnities or rollback/notice provisions.
• B. Rely on a generic confidentiality clause only.
• C. Do not address open-source software.
• D. Rely solely on patent infringement indemnity.

Answer: (C)

Mitigating open-source software risks in an IP transaction requires a dedicated open-source clause that inventories components and licenses, evaluates copyleft effects, and imposes explicit disclosure and compliance measures. This approach is best because it creates visibility into all OSS used, assigns clear responsibilities, and provides remedies if licenses are violated, such as OSS disclosures, warranties about compliance, restrictions on incorporating OSS into proprietary products, consent requirements for sublicensing, and indemnities or rollback/notice provisions. A generic confidentiality clause doesn’t address the unique obligations OSS imposes, like copyleft terms, mandatory source disclosures, or ongoing license compliance. Ignoring OSS or relying solely on a patent indemnity leaves licensing risks unaddressed and can create downstream conflicts over distribution, modification, or disclosure requirements.