Startup to Offer Open Source Insurance
ThePretender writes "From the Infoworld article, 'Open Source Risk Management LLC (OSRM), a startup company that last month hired Pamela Jones, editor of the popular Groklaw.net Web site, as director of litigation risk research, plans to soon begin offering insurance policies to companies using open source software but fear that they may be sued, according to a company spokeswoman'. What's next - Developers having to pick up 'code malpractice' insurance? Egads." Might as well get some alien abduction insurance while you're at it.
This sounds like a company that's gone parasitic on FUD.
One line blog. I hear that they're called Twitters now.
The company I work for got "the letter" from SCO, and we have now had a second linux-based project shot down due to SCO's FUD working. This is frustrating, to say the least, when the appropriate technical situation is being held hostage by SCO.
If we could buy insurance against the near-zero chance that SCO could be successful, we might be able to get these projects going in the direction that makes technical sense, and stop worrying about (insert rant about McBride and company here).
I don't see why there is such a negative response to this post. I would bet that many if not most of the companies who paid SCO licensing fees would have opted for this deal instead, had it been available, leaving SCO with a lot less money for frivolous lawsuits. In fact, it wouldn't just take money away from SCO--it would give it to the other side. Any company offering open source insurance would have a huge financial interest in fighting a company like SCO, giving the open source movement some much need legal muscle. If insurance like this got more popular, it could seriously weaken SCO's business model.
> Look at the broader picture. All that stuff out
> there on sourceforge. Someone in some cubicle at
> some business decides some obscure project is
> useful, and starts using it.
What bearing does that have on buying Free Software from a respectable company such as Red Hat or IBM?
> If the code was open source though, who do you
> go after?
Whoever made and distributed the unauthorized copies.
> The people profiting from it - the end user.
The end user is not liable unless he can be proven to have known about the copyright infringement in advance. Copyright regulates copying, not use.
> Makes absolute sense. In fact, it was the lack
> of this sort of protection that has kept the
> company I work for away from OSS.
Silly. The risk is exactly the same for closed-source.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Don't insurance companies have to have assets to back their policies?
How would you figure out how much money would be necessary to back these policies? If you believe that the risk is zero, and they don't need money, then the business becomes a confidence scheme. If you believe that the risk isn't zero, you need something to back it up.
On top of that, if you insure people against auto accidents, or serious diesease, you can assume that everyone won't get hit at the same time. But if it turned out that running linux exposed you to liability, then all of the policy holders would have to be paid off at once. In other words, there's no way the premiums would be able to cover it.
I'm not an actuary or an insurance expert, so maybe I don't understand what's going on. But it doesn't smell right to me.
This summer I had the opportunity to work for BlackDuckSoftware.com. Black Duck has built software to help developers (from individuals to large corporations) manage their use of open source software. Essentially, the software enables firms to track the usage of open source code, determine conflicts (if any) and suggest methods of compliance. It takes into account methods of combining code, whether the code is for internal use or public distribution, any number of other considerations that involve open source license compliance. It is able to deal with code licensed under *all* of the certified open source licenses as well as many other proprietary licenses.
While it is not insurance, and does not provide any kind of indemnification, it is a damn good management tool. Its goal is to allow companies to make use of open source code in such a way that full compliance is facilitated, and to avoid any uh-oh moments that happen after code is commerically released.
I worked on the development of the license interpretation module. It involved reading (and re-reading) 50+ licenses and parsing their terms such that compatibility determinations and compliance requirements could be generated for every possible combination of license, code, distribution, concatenation, link, modularization, etc. of a software product. It was exhausting (and sometimes tedious) work, and it certainly made it easy to tell which licenses were written by lawyers, which by coders, and which were written with input from both. It gave me new understanding of why unenlightened legal departments sometimes shy away from open source. Nonetheless, the reality is these licenses exist, are in use today, and are all valid until some court says otherwise. Licensors (i.e. coders in the community) have every right to expect their terms to be adhered to.
Being a geek myself, and a law student, it was pretty gratifying to see that a company wanted to build a product that helped managers to understand and not fear the open source phenomenon. Further, I think the product will really help firms stay fully compliant when they decide to use open source code. And that, in the end, is all our community can ask for.
cleetus
1) Our dear friend Darl has made threatening noises with regard to Groklaw being on the side of whoever SCO is suing this week (e.g., IBM, Red Hat, Novell, Autzone, etc.). OSRM may provide PJ and the rest of the Groklawyers with a corporate vehicle to continue doing exactly what they've been doing without fear that Darl can go after PJ (in particular but also anyone else who contributes) in some sort of malicious (big $ personal lawsuit) way. SCO has amply demonstrated that their response to anyone who opposes them is to file a lawsuit (See SLAPP).
2) You will note that the first activity of this insurance company doesn't seem to be trying to sell an insurance policy. Its to offer a class "...on how best to mitigate the risk of using open source software". Any bets that a lot of that class will be on how to file the right paper work to legally tell SCO to go find an alien who can probe them until the existing SCO litigation is cleared up including deciding if SCO really does own the copyrights to UNIX? (Maybe Darl should look into that alien abduction insurance.)
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Here's a hypothetical scenario:
- You buy a jar of mayonnaise made by Kraft
- Kraft gets sued by SCOMayo (whatever) for infringing on one of their patents on how to make mayonnaise that stays fresh for up to 12 months and loses
- SCOMayo now sues everyone who ever bought and stored the patent-infringing mayonnaise from Kraft and demands additional $6.99 for every jar of mayonnaise purchased?
IANAL, so I don't understand how this works. Can SCOMayo sue individual people and sandwhich shops, fast foods and restaurants for patent infringement? If so, maybe they should start selling indemnification insurance at the supermakets as well for an extra $0.99 per item ($0.88 at Wal-Mart)?
On a more technical side, would this mean that because I own 3 nVidia video cards I may get sued by ATI and I need insurance just in case? Where and how is this line drawn, if there is one?