SPUG: Open Source Risk Management LLC

Michael R. Wolf MichaelRWolf at att.net
Tue Mar 16 13:01:02 CST 2004

I guess Open Source has just celebrated a rite of passage with the
addition of a new (legal) service. We've long known that rights (the
licenses) were as import as the technology (source code), and have had
long community discussions within and among the various licensing
camps. I guess it's no surprise that someone has stepped in to aid
those who are interested in the technology but scared of the licenses.

It can only increase the usage of Open Source as those standing in the
periphery become bona fide users.

But what of the law of unintended consequences???





Start-up company to sell open-source insurance
Legal action by The SCO Group has created interest in open-source software insurance

News Story by Robert McMillan

MARCH 16, 2004 (IDG NEWS SERVICE) - A New York-based company has spotted a new business opportunity in The SCO Group Inc.'s legal battle with the Linux community: open-source insurance.

Open Source Risk Management LLC (OSRM), a start-up company that last month hired Pamela Jones, former editor of the popular Groklaw.net Web site, as director of litigation risk research, plans to soon begin offering insurance policies to companies that use open-source software but fear that they may be sued, according to a company spokeswoman.

The company now offers a variety of professional services, including software certification and strategic consulting on open-source software insurance. It is also planning a series of training sessions on how best to mitigate the risk of using open-source software. The first such session will be held April 27 in Santa Clara, Calif.

SCO claims that the Linux operating system violates its Unix copyrights, a claim hotly disputed by the Linux community, and has sued a number of IT vendors and even two Linux users -- DaimlerChrysler AG and auto parts retailer AutoZone Inc. -- in connection with its intellectual property (IP) claims.

Though some Linux vendors like Hewlett-Packard Co. and Novell Inc. have already started to offer indemnification for their customers, these programs are "kind of limited," said Heather Meeker, a partner at the Miami law firm Greenberg Traurig LLP, who is working with OSRM on the training sessions. Some indemnification programs, for example, no longer cover users who modify their Linux software, a key feature of open-source, she said.

While there may be riskier areas in high technology -- companies have lost billions of dollars because of computer security breaches, for example -- the intense amount of publicity generated by the SCO lawsuit has created interest in open-source software insurance, Meeker said.

Part of the reason for the concern over SCO is that the Lindon, Utah-based software company has acted differently from companies in proprietary IP disputes. "One of the things that SCO did that raised concerns is they started sending letters to users of the software," Meeker said.

OSRM is not simply responding to SCO but actually providing a service that all software users should have, said Bruce Perens, an open-source advocate who has had discussions with the company. "Software risk management is something that all software needs, and is something that's not provided adequately for proprietary software," he said.

SCO itself did not seem displeased to learn of OSRM's offerings. "I guess this kind of thing was bound to creep up," said SCO spokesman Blake Stowell. SCO believes that its $699 per processor Intellectual Property License for Linux, however, is a better idea. "Ours is certainly the most reasonable way to go and certainly the safest way to go," he said.

Michael R. Wolf
    All mammals learn by playing!
        MichaelRWolf at att.net

More information about the spug-list mailing list