Using version control to manage Intellectual Property

Intellectual Property (IP) management is one of the least glamorous activities required when running a software project. And yet it may just provide critical evidence for a quick resolution when a project is forced to defend itself against an IP dispute. A recent example of an attack on a open source project can be seen in the high profile JMRI.org defence against fraudulent claims of patent violations. Proper IP management not only provides peace of mind for the core project team, it also ensures contributors are not individually liable for costs. IP management is particularly important in healthy open source projects as they may received contributions of uncertain copyright status from a wide range of people of varying and possibly unknown background.

Fortunately, while IP management may seem daunting, not to mention complex, in actual fact a large chunk of the requirements are met almost for free as a side affect of using common development tools. When used wisely, version control systems provide the auditing required to keep track of IP, especially copyright. This is indeed fortunate when you consider that a single contribution may touch a very significant number of the files or other constituent components of a large mature project.

When contributions are accepted into the project code base there is the possibility that some of the code was in fact not usable for legal reasons. Such contamination may come from IP violations such as the process being covered by an enforceable software patent (in the USA), or the contributor being neither the copyright holder nor having been granted appropriate rights. Even if, as recommended, contributors are required to sign a Contributor Licence Agreement to assign ownership to the project itself, there is still a need to track individual contributions in case of dispute.

So a project needs to track who contributed each individual bit of code as it is accepted into the core code base. As a brief aside, the projects governance model will describe who can commit into the core and under what circumstances. The other requirement for IP management is the ability to make various queries about who made a change and when. Any decent version control worth it’s salt will provide the basic facilities which when combined with simple processes provide basic IP management.

Version control tools by their nature keep track of changes and allow queries to be performed. A project need only ensure that every change is clearly marked with the contributors identity, bearing in mind that the commiter may not be the same person as the contributor. This also implies that commits should be carefully managed so as not to mingle changes from different authors; but that is bad practice anyway for basic auditing purposes. A simple approach is to insist that all modifications include the email address of author. Some tools such as the distributed version control system git make it possible to get such owner stamps to appear automatically in the patches made and submitted as a contribution.

For auditing purposes it may be useful to generate a list of dates of change per contributor and merge that with a list of IP agreements. If any specific part of the code is disputed then the facility to see who made a change and when is useful (often call the ‘blame’ feature). If a particular change is in dispute it is easy to find out the extent and which files are effected. Finally most version control systems allow notifications to be generated on commits which can be useful for notifying those responsible for checking IP.

Our article What is version control? Why is it important for due diligence provides more detail on using version control.