SAN FRANCISCO—On Monday, OSRM, a provider of open-source consulting and risk mitigation insurance, announced that the group has found that there are 283 issued, but not yet court-validated, software patents that could conceivablly be used in patent claims against Linux.
Thats the potential bad news for Linux developers and users. The good news is that the Linux kernel contains no court-validated software patents. For those who are seriously concerned about the risks, OSRM (Open Source Risk Management)will be offering a litigation insurance policy starting in 2005.
OSRM began offering copyright infringement insurance to Linux users in April 2004.
Patent attorney Dan Ravicher, leader of the OSRM patent study and executive senior counsel to the Free Software Foundation, added that only about "half of software patents stand up in court."
Of those 283 issued patents, Ravicher continued, "about a third are held by organizations or companies that are seen as Linux friendly: IBM, HP, Novell, Red Hat, etc. At the same time, though, 10 percent of these patents are held by Microsoft."
Ravicher also points out that, "This is not a doomsday scenario. This number of potential patent concerns is typical for a software product of the size and complexity of Linux."
OSRM wont publicly say what the specific software patents are that potentially affect Linux because it "would put the whole developer community at risk."
Thats because of what he describes as the "Catch-22 of patent law ... Patent law is meant to popularize technology, but at the same time if you look at software patents as a developer, you put yourself at more legal risk."
"Current U.S. patent law creates an environment in which vendors and developers are generally advised by their lawyers not to examine other peoples software patents, because doing so creates the risk of triple damages for willful infringement," explained Daniel Egger, chairman and founder of OSRM.
"This studied ignorance leaves the field open to those who would spread fear and disinformation. It also means that only a vendor-neutral entity, like OSRM, has the freedom and incentive to assess the true risks."