Your SaaS system very likely incorporates open-source or third-party software, or you may provide such software as an ancillary product to your system. When doing so, perform the required due diligence to confirm that you are not breaching the license and that the software is free of any known vulnerabilities that could pose security risks. Additionally, you should limit your liability concerning such software in your contracts.
If the SaaS system includes open-source software, your SaaS contract should contain the appropriate provisions to ensure the Supplier has used the software responsibly.
These days, it is improbable that any SaaS system will not include third-party or open-source software. With this in mind, ensure that your SaaS contract includes certain warranties regarding these third-party/open-source modules.
Some considerations:
- The Supplier should have lawfully obtained the third-party software and should not have breached any licenses by incorporating the third-party or open-source software.
- The Supplier should have done its due diligence and confirmed that the third-party/open-source software included does not contain any security vulnerabilities.
- The Supplier should monitor changes to the third-party/open-source software and incorporate any relevant updates, especially those that fix bugs or security holes.