Many organizations are turning to resellers to buy \u201coff-the-shelf\u201d software. These resellers can frequently offer better pricing than could be obtained by purchasing directly from the software developer. In addition, in some cases, the reseller may be the only source for purchasing the software (i.e., the developer will not sell directly to the end user). The primary risk presented by these types of purchases is that the governing terms and conditions for use of the software are frequently presented on a take-it-or-leave-it basis. The reseller generally has no authority to change or negotiate the software license agreement and the original developer takes the position that the contract must be accepted as-is.Accepting a software license, even one for relatively low cost, off-the-shelf software, can present material risks, including inadequate warranties, lack of protection in the event of an intellectual property infringement claim, and threats information security. It is this last point that I want to emphasize. As I have written before, most off-the-shelf software license agreements contain little in the way of protection for the licensee\u2019s confidential information and frequently include very broad rights for the licensor and third parties to enter the facilities and access the systems of the licensee to conduct audits. The software may even contain \u201cphone home\u201d functionality that periodically sends undefined data back to the licensor. In short, the license agreement may place the licensee\u2019s data at risk, yet offer no real protection in the form of strong confidentiality and information security obligations.Based on the foregoing, businesses should look closely at the agreements they are being asked to accept in connection with these types of transactions. In most instances, the business case for the software will outweigh the risks presented by the license agreement. However, in making that assessment, the relevant contracts should be reviewed closely for risks to the business\u2019s data and other confidential information.