
A Guide to IT Contracting: Checklists, Tools, and Techniques by Michael R. Overly, Matthew A. Karlyn


17. Reducing Security Risks in Information Technology Contracts
CHECKLIST
Trade Secrets
Stamp with “CONFIDENTIAL”
Control physical access
Use time stamps and ID logs
Strong password requirements
Encryption
Firewalls
Prohibited use of USB drives
Isolate development and testing environments
Copyright
Establish and communicate policy
Mark with © symbol
Mark with year of first publication
Mark with name of legal owner
Include textual marking in source code
US copyright registration
Register with US Customs
Joint IP
“Clean room” protocols
Isolate independent IP from joint IP
Embedded Open Source
Policy against embedding open source
Advance planning for correct embedding if at all
Internal Procedures
Archive copies of each software version
Verify company’s right to use other IP
Enforce security policies
Appropriate use of computers
Appropriate use of mobile devices
Passwords
Policies Aer Infringement
Audit rights
“Phone-home” features
Swi action upon infringement
Terms for end of license
  • Uninstall program code
  • Destroy electronic copies
  • Return physical copies
Insure against IP infringement
Employee Training
Need to protect software
How to protect software
Responsibilities for protection during and after employment
Exit interviews
Contractual Protections
Proprietary information of former employer
Assignment
Prohibited use or disclosure of confidential information
Noncompete agreements
Nonsolicitation agreements
Nonemployees and Subcontractors
Condentiality agreements
Need-to-know basis
Work-for-hire agreements
Assignment of all IP ownership rights
Software Distribution
Only distribute object code, but if not:
  • Source code obfuscator
Embed signature in code
License Agreements
End User License Agreement (EULA)
Require acceptance of EULA
Licensing in writing
State clear terms and conditions
No limited liability for misappropriation
Breach results in breach of contract
Breach results in IP infringement
Specify narrow uses for IP
No selling/transferring embedded software
Prohibit reverse engineering
Prohibit decompiling
Prohibit discovering source code
Prohibit discovering trade secrets
Disclosure of accompanying documents
Explicit statement of confidentiality
Nondisclosure agreements (NDAs)
Standard NDA for initial discussions
After code delivery, license
Perpetual trade secret confidentiality
Audit Rights
Include audit rights
Written certication by licensee ocer
Identify installations of soware
Retain certication copies for ve years
Foreign Jurisdictions
Distribute with care
Source Code Licenses
Escrow the source code
Limit release conditions
Prohibit installation on network computer
Licensee keeps copies in locked safe
Prohibit copying onto removable media
Limit personnel who can access code
Third party: require written authorization
No competitor access to code
Keep logs of source code
Use no open source software
Indemnify company from all infringement
Warranties apply to unmodified software
Prohibit IP rights in derivative works
License to company for derivative works
Total assignment of all IP is better
Require specic security measures
