Increasing numbers of businesses are using open-source software to develop technology ­ – the obvious attraction being the possibility of using, modifying and distributing the open-source code without paying a fee to the developer. But the business and financial risks surrounding the use of open source must also be taken into account because they can have a substantial impact on the value of a business.

A firm’s IT systems and software are among its most important assets. As a result, a company’s rights to protect and commercialise its technology have become more significant when the firm is up for sale or looking for investors. In particular, open-source software can have a dramatic effect on due diligence and deal negotiations. It also prompts companies to add disclosures to their offering memoranda and shareholder communications about business model risks resulting from their use of open source.

The reasons for this are rooted in the key differences between open-source software and other types of licensed software. This can mean companies that use open source may not fully own or control their products. Open-source software is, of course, not put in the public domain with no strings attached ­ – it comes with licence terms and conditions chosen by the program’s author.

If a company uses code that is subject to a “reciprocal” licence such as the general public licence (GPL) to create a product, it must make that product’s software available in source code form so that others can use, modify, distribute and incorporate that code into other software – ­ without charging a licence fee. Companies will be subject to these reciprocal obligations even if the firm depends on software licensing revenue or the sale of equipment containing embedded software ­ – which may mean that business leaders have to make their most valuable asset available for free to anyone who wants it.

Large companies such as IBM and Oracle may not have to charge for their technology ­ – they can make money selling profitable consulting services, hardware and databases alongside their products built on open-source software. But for smaller companies, relying on open source can present risks to their main sources of revenue.

The recent trend of taking companies to court for open-source software licence violations has heightened awareness of the issues among venture capital investors and mergers and acquisitions (M&A) advisors.

In 2006, a German court found the network device manufacturer D-Link had violated the GPL by distributing certain Linux operating system software as part of its products. In 2007 and 2008, the authors of a set of open-source utilities called BusyBox sued Verizon Communications and several other companies for GPL violations, which resulted in the companies making settlement payments and releasing their source code on the internet. And last month a US appeals court ruled in a precedent-setting decision that violations of open-source software licence terms can result in liability for copyright infringement.

Sophisticated buyers are now also familiar with the problems faced by Cisco after spending $500m (£283m) to purchase Linksys, the manufacturer of home networking equipment. Shortly after the acquisition, Cisco was forced to release online the source code for various products that Linksys had created using open-source software.

Today, sophisticated buyers carefully review the software code used by target companies they wish to purchase. If a buyer cannot identify the licences governing its use of software, the sellers of the target will run into trouble during due diligence because of legal uncertainties over intellectual property rights. If the code review also reveals that a company being sold has been using open-source software in developing its products or key internal systems, buyers now take a close look as part of technical due diligence at how the software has been used.

Recently, some buyers have been factoring in the potential cost of rewriting software or licensing alternative software from another source into the costs of the acquisition where the open-source software is part of code that is important to the target company’s business. If the required rewriting appears to be extensive or alternative software is only available at a significant additional cost, the buyer might even be justified in seeking an adjustment to the purchase price. At a minimum a buyer will require detailed additional warranties if it is found that the target has made extensive use of open-source software.

In seeking to avoid these problems, investors and acquirers increasingly expect companies that rely on software to adopt compliance policies that control how, and in what circumstances, software code is acquired from third-party sources and incorporated into a company’s products. These policies may require that no open-source code will be used, or they may create a process that allows developers to ask senior management to approve the use of certain identified applications or tools. These policies would usually also include formal licence management processes and a pre-release licence compliance check before a product is issued.

In summary, for companies about to be sold, senior executives must be able to respond to due diligence enquiries about intellectual property (IP) ownership and use of open-source software – ­ and to demonstrate that IP issues have been properly managed and do not threaten future revenue streams. The same is true for investors ­ venture capitalists, eager to protect their returns and possi ble exit, are also requiring that their portfolio firms manage open-source issues appropriately.

Good IP management has always been the hallmark of a well-run company, but with the increased focus on open-source software risks in venture capital and M &A deals, the stakes are now much higher.

David Boutcher is a partner at Reed Smith, where he heads the Europe and Middle East corporate group; Bob Stankey, also of Reed Smith, is a partner specialising in technology.