Indemnity Protection for Linux?

spookymonster asks: "I'm a mainframe sysadmin for a Fortune 50 company. I'm also a Linux hobbyist. About 18 months ago, my request for a proof-of-concept z/Series testbed was granted, and the results have been encouraging. Despite this, senior management keeps saying that Linux isn't ready for prime time. Today, I was finally able to corner one of them and ask him what exactly his issue was with Linux. His answer: Indemnity. All our other software vendors provide protection against someone suing us for using their product. Who protects us if a third party sues us, claiming Linux infringes on their copyrights? Sadly, I was at a loss for words. I've done some digging on Google, but haven't really found anything on the subject. With the SCO/IBM lawsuit heavy in the headlines of late, I figured I'd turn to the Slashdot community for answers. How do I respond to questions about Linux and indemnification protection?"

What indemnity?

[AlecC]

How much is the indemnity you get from the closed-source suppliers worth? Here is a story about users of Microsoft SQL Server possibly being sued for proprietary software incorrectly or inappropriately included by Microsoft in SQLSever.

Of coursse, this is at the start of litigation, and no-one knows how it will turn out. But isn't this exactly what your executive is worrying about happening with Open Source software? And this is from the Godzilla of them all, Microsoft.

No-one can make you perfectly safe from such claims - valid or invalid. But with open source, it shoudl be a lot easier to establish the truth of such allegations, because the source is available, and trackable, a long way back. If closed-source supplier A alleges that closed source supplier B has pirated code, you are into heavy calibre lawyers before source gets disclosed under court order. With open source, you go to the CVS tree, check earliest versions, check dates.... False claims should be seen off pretty quicly. And someone filing proprietary code as OS would be pretty visible (and spurned) within the community.

And if it turns out that you have been using some stolen code, with OS you at least have the option of throwing out only the stolen bits and rewriting them, whereas with closed source you are dependant upon your supplier doing that for you - if the lawsuit hasn't destroyed them, which it would do for a small company (and then where is your indemnity? At then end of the trail of unsecured creditors, I should think).

To summarise: such situations are much less likely to occur with Open rather than Closed source. If they do occur, that indemnity has a good chance of being waste paper. Meanwhile, you have paid out *a lot* in licence fees for a very threadbare security blanket.