Linux & Open Source - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Linux & Open Source


Insuring Open Source the Old-Fashioned Way



 By: Chris Preimesberger
2005-10-31
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Linux & Open Source story.


Rate This Article:
Poor Best
The policies from Open Source Risk Management offer protection in the event of an intellectual property lawsuit.

Open Source Risk Management Inc. (OSRM), a New York-based software license compliance analysis vendor, Monday announced the availability of the first risk insurance policy for enterprises who wish to protect themselves from intellectual property lawsuits when they acquire a software company or produce software with open source components.

Open Source Compliance Insurance is the first insurance policy to cover the specialized risks faced by enterprises that rely upon Linux and other open source software in their commercial products or internal IT infrastructure. It will be underwritten by UK-based Kiln PLC and sold by Lloyds of London insurance broker Miller Insurance Services Ltd.

The new insurance initially will offer coverage of up to $10 million for direct loss suffered by the insured following a finding of non-compliance with specific license agreements under which open source code is obtainable, OSRM said.

The insurance also will indemnify the insured for the loss of profits associated with the withdrawal or alteration of a product incorporating non-compliant code, OSRM said.

Cost of the coverage will depend on what each company wants to protect. "It depends upon what each company is doing," OSRM CEO Daniel Egger told Ziff Davis Internet, "but it generally will amount to about 2 percent per $1 million ($20,000) per year of coverage."

Resource Library:

Not every company using open source is exposed to risks associated with license infringement, Egger said. "But as adoption rapidly increases, it is critical that companies take licenses seriously and fully understand what constitutes violation and therefore exposure," he added. "I believe it will help eliminate one of the last reasons for corporate resistance to full acceptance of Linux and other open source software."

More than 30 legal claims involving infringement of open source licenses have been brought worldwide against corporations in the last two years. In each case, plaintiffs have prevailed in enforcing their rights to restrict the use of their code.

One of the more active companies in software IP litigation has been The SCO Group of Lindon, Utah (formerly Caldera Systems), which owns the patent on Unix System V code and has lawsuits in process against IBM, Daimler Chrysler Corp., AutoZone Inc. and others.

Open source compliance is excluded from standard Errors and Omissions insurance and is of particular concern for privately-held technology companies seeking to be acquired in merger and acquisition transactions, obtaining equity financing or going public. It is also a potential material risk for public companies under the Sarbanes-Oxley Act of 2002.

A common risk scenario includes development of proprietary software, such as trading tools or inventory management applications, using one or more open source software components. Simple actions like making these tools available on an extranet, or sending them to external partners or suppliers, constitutes "distribution" under a GPL license and requires a company to open source that proprietary application, making it freely available to competitors, OSRM said.

"The Linksys case is a good example," Egger said. "When Cisco (Systems) acquired Linksys for $500 million (in 2003), they acquired a toolkit that included a large number of open source GNU "C" libraries. Some of those were sold to customers as a proprietary product. It was simply a mistake at the time. Cisco then rectified the issue by re-distributing the tools (free of charge) to its customers, which is an acceptable form of distribution.

"Now, all deals must have that Linksys clause included, as I call it," Egger said.

Forrester analyst Michael Goulde told Ziff Davis Internet that the new insurance is too narrowly focused to attract a large number of customers, at least at the start.

"The specific type of coverage that is being offered by Kiln is limited in scope and will appeal mostly to companies that are primarily in the business of distributing software, either directly or embedded in other products," Goulde wrote in an e-mail.

"They are offering compliance insurance that covers the cost of remediating non-compliant software. Having license compliance measures in place is more important for these companies than for companies using open source internally in business applications. For the latter, the risks are more uncertain, and they are likely to be less interested in the license compliance policies Kiln is selling."

Does this safeguard open source software enough for old-school enterprises using antiquated systems to consider switching over to it?

"Its a step in the right direction," Goulde said, "but lets face it: Open source isnt for everyone. Youll probably see those old-timers become more willing to use open source tools fairly soon, but using it in mission-critical applications would be akin to giving up their mainframe addiction."

Goulde said that Forresters customer surveys indicate that risk around open source licenses and intellectual property is one of the barriers to open source adoption, but not a major one.

Red Hat wants Xen in Linux Kernel. Click here to read more.

"Companies realize that there havent been any major litigations yet, so although the theoretical risk may be there, the actual risk is still fairly low," Goulde said. "By putting policies into place around open source use and educating developers on how to properly use open source licenses, companies can eliminate many of the potential risks.

"The risks that cannot be controlled are the potential for copyright or patent infringement that exist for any software product. And the danger of a customer getting sued (aka the SCO Group risk) rather than the infringing distributor is really pretty remote."

Check out eWEEK.coms for the latest open-source news, reviews and analysis.



  Reader Comments: Insuring Open Source the Old-Fashioned Way
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Linux & Open Source Articles          >>> More By Chris Preimesberger
 


x}r㶲s\@♵M푦d[kmyYԩRQ$1H-GO]'7n$A]hɗ{<5D th4ys\xCjΦ.Qw߽ >ۃp\{#u`jZ)>5#R?Wa_@**Q  tjGt0]2h֌;{2"ovU{bhbߨ:`J-xlR!j 9#A8wh-'@)>Rhӯu%GMӈ1Jϱ$aT}蹡ؿR=Л.Bt!|@Z%֨܋ʏIGOn?S;ό3!]~F1x-L=yͨ  /\1r.fm{a4x#/t#*05NRZ [XdTF Ӿ R!p5ԵrؗU57rl6PCC/*V?tߋW;vg_mʼi&oZϝs_t.[gW9~]-ж%y4 > Eivesگ>si^wDUJ`^. / ZH WP< .k:Qҍ[-[C3R=dnaԷ +i3k,GQD}24/VI㳣Vl,OaR1 22Q,]魘ȏwEժuyҾ59i~n7; _OO0\̵ô:cUoq`CK'^C׉CXCyC]0SҾ#3p>~jqo]}::o7cU=鞐u/ !]tj2Gr?RWJo ǚ ! %9 ":usP;H}sڊNmҘ!rƒ M+3;nZ+]0[-REpƦ\ ДQ}o0gMab&DJH?1V0YEU>rݠHP3>̧K&7#DL vx yB(:pHqb&NbO1ƀsCzlNTVʒ0Wb{gQcL.CsGfyB:WN?]4;Ƈ&LqJjhX.B2iKB0qkF_)Ab/jvK h -T`qauʔ͙`,0,ZC9Odz't`&H<& `M/.G˥~f5 @ Lva 8V87 M#uәQ {Z=H&}mP`y~Ij\/.A0?. ; O`p=&;xk= `DMWtC` V< 2/?9a1CxX,P}jO6L1&̢~RP|rZ( 7^`2)%Ms 4.gH)AH = =99 ŊHޑv^*Vph(6ݞH9F^O/h&3aGU-n^H23#CɴeYX91{MfT`"[ᛥDKak`FX,C/W! жlXCtH{4i &蝐`3Ґ( s?{\g!@Cy;J`0aEiŬ9c19i|X#ؼ ݜ.,Ƕ5&&B~môLhD,iocsYs:ul:ȓ&L&%uK-0s k2'yn7?>y@Om\n|44<3_N#k;{7C_K% jJ=SsFA|5 i!3L&Ze on<GK^ʚtɕU.F(ZS1rj~#J=spG('zcoBFLAo=e河xOtXKnuo?Hյ݋pz1(KúJz'/H m_Eڠ}eLGiK-# IHצ(X +ezlxyD62ʡE}نO{{=챧0ZUmȔco1UKfT9,Wfn @~8+[0P.m^V7y{|A:S߼w \|.*l|$eHo:'kX"lM Cfj:X[S4*.|O<V'0)#Vs擩m°s\^ˆ=W~l2^7C =1͉V*a0؋ lg|s:nHycI_.i]OH?I?րH{A*,UxÝ5I = 't$ EiLKvg!9&vQ4e$='SQv~P5`nEk 5!70Mx}LK=9>xȡ>4ujn8flFc>eLZvCiv6 ( `> Kx{ZC8aSd}ӁFFB-š8k*%{K'KPlXC3B)dok21s氤d;~X'hR6afHeTVՍ꾮\gTP-(zItn:0nȈُXD[N:L&2Oɿf﹮ ,ߞ`_`On;ܝ3=`>LtWE(v7@l+J9ww|L G\0BR,W=bHp?*78_-Javš\HX9H(K UۻBlp‰݁ +UA 'de, ,"zдR=)=2fV(Yŵ?hxqLٽ jTݷ%&b* N=bY,t(vitH`ԧˮrڸh93>8tUڗA5[κq^Z~}q4 }Yi]4u@JV-?\?](Ƈ&? A{f BG8oIŤf9得3zV^5NNZk6zvo_xuT^'+փ w"yKrBVë  c@JA=Vo8iu_#i%LB( `E/c^HFrI'#ijqπ/PAQ):(9Q;QKѷoYoDWY|_q-5sz<~6 \1ZN:i}&=B2^'18[h)yI""0xc|.A-H7ܼN9 c{0n)fTDxi'>fax!w  q-՝{ 6'il. [LGa .bJD<9x2ؠ#%tBX|MuSOF =2CϛgyV7Vsm-daSfoݷPvcW};׋>--8tǠ}Ҁ#ۑ٘NFBEu#o+lﮯrUWp*eGr;ld+NE$,nP*vAK J3bȾuK7^bR z#oJ]|]& {~ ]ݣPIߣw뻻~=Ғ(r]ZD܎qwUZZ|>OW%0)րUZ]:VJ~\{<{\,p;-rUADÆvd9gDYsC|~6~0NHU~hjxS`l{0OV 喅:?G)4俶[ BrnNCA:l0ǒV\AC[VvOx);Rdj(^Y&1+wmcpGrre ^n=ыDp]l4Z|.T(΀۴,PXSoUXd>,KΑ^K'|=A/i!렳,:fLPϼ{- YM4qpAxOӔ׆.HKbz?H=zqfdR?6iEl/t E_pFNVHtcKK< GI.I"?x␅t/.kI=UVnAeI;0d`=K5I}YMxEQkYմs55Xg@6=x22| EՄ4;JJ+. hE(IkUq~<,6?wx?S+u1Y nD /Ok7tkE0s y_FڬIqy#H?!HQ1T? LF~S4ĉG59{ G L\92C0xxUaJjUUU~ Nd$O8x4x/TD{Z:E$zYOz}"Uʻ7(Ŋ+z|/;NRNu)(3@U:܎T.]~[9rƓJQS*Fb6SwȀI Z$Lx+ nݒ8G.-oʥse{hĿ2 +HzX5`&LqYD g<\c}g'hi{"|{__x(MWҦX|(D1B#²\*tX >Ψ /5E1.E]djGv1TEaP_9UWCWE$DH,*g"F^ߴ,UT,U~^5#j(-1,7W%ץ+3+Q|0k0!l:̕l@H {< Ug_JޜMfP*jgh&C5`K|(N"B"2=4'iQ;sR~K]Gvq77774jteߋZ\! J+X˄i(=L,X7!'^ q!I@JN&_ 2PalI^ېOry"=e q"mLgs> $ H,b_߮lLyɜAD bht0蝍Wl( x1HORfRgs H"!HD@DCg_ 8Q? y'x~E;3A.W-`.$LI>MbIRb6Vas"E2|T.pV0rۄV1XCNئ3y hI}WֹT} |T1=vPw?C ٵ~ "`csBĉ`6Ei?z) ء3C;s^JYa##7AAwt d ݶ8189u T7T.ƚ,tcM0< >x's! k@AwT錽3ڱffMW _h~؊z_QBRZVx9vlk='ț|%fhFfU(|-n?`cs y8i|D~JPPo4>*ܮ˲v s{K76>]=|s*ʿr:Dl~,e7@}y ǣ{yJQ«Gr]\ $rφ1}LܸqO ©75O5p0@:OomXH^86GA8 ==67o=vzmm~ {k3蹷{#[ofx6௱aul:/PՒ}s:dUoo#fyN; mV)Kj. n86šgzNJoif-e։5VdqlroCf&e< ~9i Dj` >狤",'?5}@н>]?gP ΝghPT.>kAV~/c~?ȧ% T^,|j1iNO,C$&Hm9(5 x!*ĴOg}4Ӻ7ja^!tqo(P=X67e~VxrzV9T7F_@gF`id>~^G%HZ#޻aik)PAgt~DU)Lc{4 ,S\0۠꤯ 7v6FKJ%c}(,!@N|E L=?4ST}䉯[H&o uDCঐ_v~x) uM:@k="=f|#~Y:3ʉmO ^xgNEqma6BTXJLH e_qbpCvYI rMa1B97sz5MDp vQ<6sKcWF-5z Z 0KAX ^qKQ3&IW~X$[a(_k3Q#rd! `,MH^XAhD]be@-g{ h#8ῴlztP2Fm.MMfAȢFwNE\sIn5*ھZr~^ :XuZ%.˘xmQ찔_Ke: Iс~ _?tk 6٦KMµAʥ 8IVSDCKJefjRCrz8P7oH\\wՑUCբfOP0!H*G:0*69\_#>=|g`EhcusK%XS7Mߙl 8,֐K w e`kG J& ys@>- '70eˡq5\o7j8"2%$D$Rxxo/%=!/I{e >f9'7:^`i;t]{tK3>Н3B;dYu) +K-^`9%]Hmn4Zۅ]avB,f:'gk \'ЁH:Sj&N#$u#7Q^D~h#nO7kjL~g*F,Ip5J=,-EiWvD!!S/ L%! H!4y.kx>ax7Wp+PjTݷV7>@ViҞA+qT.La,jQ:#oI XPpcQMA+Wt~6 Nчd>pX:l>= wz̥. \nL_ _߰,VIm{7R[ D>-RWldb"@՘^dKeZo4srټ7u=<鳌#soF&#x3gS\ hs>NQh0I|C~AN"=R+a0wCy–s\vYcXZC8ް>0?Ĉo8fkHג s TZˎ0Iݺ`?C3{NZ"㣬ȘhD MQ VHxLirttfDnOKLs6@@P0H47ϷAƆqIA#{83D,5lrflFSN jcZ|D"{X#&3)q$ F˩a)vqY@u#LD͂z(­!#M)QwS2D<-2 l &Lma`t.tcNa~2?Mktҧ< 2C̔k7]喣ZEp#ߛ~Sg8 XˠnNK ybH ]d ^yN4_Xs@lZض =܃RXX_1[=LꪆO{ZBvUX J=t.^<{ۑAguLTp^I+\A_ / P)F  W{sGC2H`IPkwl9f\h\]!k &|:_%9joho[u}}uټn]vsSۇRd&%|Q)t&GYFqdvʌPN̯x+B*jK xU< O8V~Z_:['пVF?Ӻ(2d/y|s_d/}/2{ȠE^^d'esFeQ~0{ s!?0~׆3?m/ rqWU?;wN]nuZ_ S}Y >>goʁo2ڿh&NQ2!(odY NOoT8G\(_JeYW@a uyQAyJ2,c2\. d{%;[??'BX\zzs+7g^6'5v+iAM {} yW /"yeoR3AѦaNFgGVchto$.&{R}tEIxմ] &])r-XѧZ}U/JYy8qUM=Q*ND1KAF0wtɉS'?e͂xĿˏÉg.Arr mv]}0[00/:)7.p{ZM].nm;yx#ֽ2"T_;Yo%P/}sDgev^f{>ţu.T+6:7q3[  s H? }?fzaB&Hq޻j|hlR+O9k:8L:I<w ^a%`/xIN)cعk ЌDt5^i{@$ m{g96ƎHn:+a ˕R;~G;F"ðYA{)HO7T]S**5~X,)g /(@#غʷ7xR#xy]:aRq pKn5FG P }:fwP)u|y3 I"o9Ty Nd@7J,wW;SÀЫYġ@S,A0bl{I W1hӐC Fؒ%Dİ-+E1N>@OJg ~?MqkI%B4wtM zy<(?Pól1@x;Ĝ zu0rKdp!gB-Zыt^X@gD˺&96],Xl&l64t?rނwr$}HM,tͻKzU{x,"XC0 |l/ixxAg.&EF.bj|şYD VNF7b5v%sf f\* wW{L1&ƠֽZc 1H/c@oJ`Xk'JV7Ot#by52&6FwnrՂ—Tx#WЦ A욁ycX?qg0r&/x$" "H "s{D|%ЄZsn2!-d?v=JʨwK{?cAo쭨F|m)ݺb,ӥ=-^tJ #TF|gȌQiGj W"QVF;A}F垓31#qyU YT8R"?7]loIVmN*ن0U7VAxًtGx DS3m-(Eǭ6ir};{,Sdv/+0bŽɧ[g*i'K ^衰t#J.ڋ|om|F,[kl`IVB`򜴺5psSeW~/[vLU8P8ٶ2#OA=r ύe[ O"C2 3 n=ձ w`7@#>&rd{Ko*qH|n4/exª~Qxh=&ӊz'JRo? zEw`+gq?d|;(])֡?Mjo(\*]Lbq Y;g;I * G8&U][66sP/}GWQ籺tTcxi" B#V|JrX}P?):OOgKufW/e[m!_l,{ QAbF犜BqY삢U6nDKůF%IDb$8I7vsh;h;3THهl*&KY{km]d*a7:_8E8yja"eW})IDSy)/̀/((ʓ}E.^ZqeQ W T*7u_ΛKwbn hy6Wn&_!!=F٨HA$ᑭWVtơI:*d_+V g۩ًf#imئ2:T.%j  q-˕49Q|I07Nw6Ȅ В#nMvbe}K)