ESG investing has received a lot of attention in recent years. It stands for Environmental, Social, and Governance, and is a way to value investments according to their ethical strength, rather than their purely financial valuation. ESG is not about charity; it applies to investing in conventional businesses, and not donating to non-profit entities (NGOs). Conventional businesses, by definition, have the primary goal of making money for their shareholders — in fact, meeting that goal is a legal obligation. ESG seeks to temper those goals to keep profit-making socially responsible.

As a category, ESG started by focusing primarily on environmental concerns, but has broadened to other concerns, like social justice and diversity. Several ratings systems have cropped up to help investors make ESG choices, like the MSCI and the Standard & Poor's 500 ESG Index. S&P ESG was in the news recently, because Tesla was off the list, while Exxon was on the list, causing Elon Musk to publicly call the ratings “a scam.” The SEC has also recently expressed concerns about ESG “greenwashing” for public companies. Behind this apparent inconsistency is a complex set of criteria including environmental, social, and governance factors. For more on how the S&P rating works, take a look here.

An Investment Category and a Risk Category

Investors today are more attuned to ethical issues than ever before. So, they tend to prefer to invest in stocks with good ESG scores. Managers of large investment funds also now have ESG mandates. For example, CalPERS, the biggest public retirement fund of the US, includes ESG as part of its investment criteria. Along with ratings like MSCI and S&P ESG, specialized ESG investment funds have appeared, helping their investors select ethical companies for investment. Being selected as a good ESG investment by investment advisors or large funds raises the demand for the company’s stock, and accordingly, its price. The increased stock value of businesses due to positive ESG practices is sometimes called the green benefit.

But ESG is also an emerging risk category. For many years now, open source licensing has been viewed by most private companies as an intellectual property risk. But there are reasons why it might be considered a different kind of risk, much closer to ESG. This could change how businesses think about the risk/reward profile of open source participation. ESG risks tend toward reputational damage rather than lawsuits and money damages. For example, missteps with data privacy practices, corporate and board diversity, and environmental impact can damage the value of a company in a way orthogonal to high revenue multiples and conventional legal losses.

Why Open Source Should Be Viewed as ESG Risk

Open source software licensing was first identified as a legal risk in the 1990s, and since that time, has become a standard due diligence item in most M&A and investment deals. But understanding of the nature of these risks has lagged far behind merely spotting them as an issue. This has resulted in some nonsensical warranty provisions and strange negotiations. In part, this disconnect happened because the risks associated with open source licensing don’t fit very well into the traditional risk analysis for business deals.

Most business deals require software vendors to make legally enforceable statements, called representations and warranties, about what open source software they are using. For the last couple of decades, this requirement has been a thorn in the side of most developers and software business people when they are doing business. If those statements are untrue, there is an indemnity, which is a promise to handle legal claims that result. In fact, this traditional remedy is usually not a satisfactory way to handle open source compliance issues. Most compliance claims never come close to litigation or settlement of money damages. When they do, the settlement amounts are usually quite small, compared to other kinds of intellectual property claims. But they do cause problems of other kinds, more like an ESG problem.

This lack of litigation, viewed through a lens of traditional intellectual property risk, causes some businesspeople to ask questions like “If there is so little litigation, why should I bother with open source compliance?” And there are many answers to that question, including that the costs of open source violations tend to be reputational and operational. But the main answer is: because it is the right thing to do.

And this is the heart of the issue. Open source risk needs to be analyzed more like ESG than like traditional risks. Both the kind of harm that results — reputational harm — and the kind of remedies that work — remediation, not litigation — are more closely aligned with ESG problems than with intellectual property infringement or other traditional legal risks.

Open Source Investment Should Be Recognized as an ESG Investment

On the other side of the equation, open source should be considered ESG from an investment viewpoint as well. Open source participation has long been viewed in the technical community as a moral imperative, but the average investor may not understand why. The free software movement is a political and ethical movement. Those who advocate for open source software consider it just as important as environmental and social goals — in fact, they often consider it an important way to address environmental and social problems.

When it comes to open source, a company today is either part of the solution or part of the problem. These days, almost all companies use software, and most develop it as well. Companies that have moved beyond the initial stage of using open source software, and matured to the point of releasing it — or even basing their businesses on it — have better reputations in technical communities.

Like other ESG areas, good citizenship in the open source community is important to business reputation. Businesses that commit significant capital to open source development generate lots of value, and capture only a portion of it. That’s not a bug — it’s a feature. The delta is a gift to the world. It’s a way of doing business consistent with the notions of ethical capitalism. So it’s time for open source businesses to stop being shy about positioning themselves as ESG investments.

Will investors consider open source participation as important as conventional ESG? Perhaps not. But it still makes sense to analyze open source as an ESG category. Doing so demystifies the cost-benefit calculus of commercial open source development, and aligns it with analogous ESG risks and rewards.

About the Author

Heather Meeker is a General Partner at OSS Capital, a venture fund that specializes in investing in early stage commercial open source development. She is also a partner at Tech Law Partners LLP, a law firm focusing on technology transactions. Ms. Meeker learned to program in FORTRAN sometime during the 20th century, and she’s not saying when. She can be reached at