Slashdot Mirror
Startup to Offer Open Source Insurance
ThePretender writes "From the Infoworld article, 'Open Source Risk Management LLC (OSRM), a startup company that last month hired Pamela Jones, editor of the popular Groklaw.net Web site, as director of litigation risk research, plans to soon begin offering insurance policies to companies using open source software but fear that they may be sued, according to a company spokeswoman'. What's next - Developers having to pick up 'code malpractice' insurance? Egads." Might as well get some alien abduction insurance while you're at it.
They already have it. The agency I work for has several carriers that will write a malpractice (officially called "Professional Liability") policy for computer nerds. The standard one that I've seen provides a million dollars of coverage in the event that you screw up and cause something like data loss or the like. The policy itself is pretty broadly worded and could cover everything from bugs in a program you wrote to a general mistake of stupidity dealing with media. As I recall they start at about $1,200+ a year depending on the type of business and the people involved.
All insurance really does is protect you from losses that you couldn't (or don't want to) afford. The comment from the summary sounds sarcastic (as well as the "throw-your-money-away dept." tagline) but in reality in this sue happy world these types of policies are not a bad idea. Do you want to lose your business and livelihood over an honest mistake and some sue happy customer? A few hundred or thousand bucks for peace of mind is a small price to pay in this day and age.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
What's next - Developers having to pick up 'code malpractice' insurance?
I am in consulting and guess what, insurance to protect me in case of a damage causing programming error starts at over $2,000 a year! And for good reason, imagine you write something that rounds up instead of down in the hundredths place for some output from a data generatng monte carlo. It could go unnoticed for months, and then tens of millions of records in a database could need to be checked and recalculated. That would be HUGE $$$.
she's not former.
and fp, I think?
Is very handy... especially the double payout for anal probing.
I thought she still heads groklaw...
I hope they start offering eye strain insurance soon because of all of the SCO related articles.
It's called Errors and Omissions insurance.
Doesn't sound like a place I'd want to work. What happens when SCO gets swept back under the rug? I realize that some businesses may want the security of having this, but I would think that a more general insurer would be able to take care of that. This seems way too specialized for a niche that I'm not convinced exists, or, if it does, that will last.
The bigotry of the nonbeliever is for me nearly as funny as the bigotry of the believer. - Albert Einstein
Sure, I guess it makes sense because there have been more documented cases of alien abuductions than documented copied lines of UNIX.
HIV Crosses Species Barrier... into Muppets
I mean, in case *BSD dies or something like that.
Unless the insurance premium is kept low - it could be low now, but we only need a couple of alligation to push up the premium - eventually, only big development houses can afford such insurance, and what are part-time freelance developers going to do?
The main problem is, when you have such 'standard protection' for malpractice, consumers want to see that you're insured.
Rock that crushes, Paper & Scissors that don't matter.
Forget Linux vs SCO and who's right or wrong..
Look at the broader picture. All that stuff out there on sourceforge. Someone in some cubicle at some business decides some obscure project is useful, and starts using it.
But, that project is illegal. It's stolen code, violating patents and copyrights.
It's that kind of a bullshit legal snare that could send a young business into chapter 11.
If MS or Apple or Adobe stole code for their products, they'd be on the hook for using that stolen code for profit.
If the code was open source though, who do you go after? The people profiting from it - the end user.
Makes absolute sense. In fact, it was the lack of this sort of protection that has kept the company I work for away from OSS. Perhaps I could sway them now.
I don't need no instructions to know how to rock!!!!
I thought PJ was still the editor of GrokLaw. Who's in charge now?
Up to now, the alternatives were:
by buying this insurance, the risk averse company hedges their risk, while still presumably getting a better deal on their software. It's open source capitalism at its finest.
Pamela Jones is still the main contributor and editor for Groklaw.
Check your facts.
~ a low user id is no indication I have a clue what I'm talking about.
There's a company that already offers insurance against just these risks, for a one time price of only $699!
The real Ralph Yarro posts as Anonymous Coward. Anyone else is an impostor.
This sounds like a company that's gone parasitic on FUD.
One line blog. I hear that they're called Twitters now.
This appears to be a mistake in the article - she is *still* the operator/editor of Groklaw in addition to her new position.
...when they really are out to get you.
You have SCO, planning to sue everyone on the face of the Earth until they can collect a "license fee" on every *NIX system, including Linux and BSD. You have patents being granted on new inventions like "use the Internet to sell things". And you have vendors of proprietary software becoming increasingly nervous about the competition from free software; they might decide to play the lawsuit card.
It's not unthinkable that a company would sue end-users directly to "make an example" out of them; SCO already did just that, to AutoZone and DaimlerChrysler.
There are legal threats out there. Insurance against them isn't silly.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
I'd be interested in what price this insurance sells for.
On the one hand, I would expect it to be cheap inasmuch as many of the legal attacks so far appear to be without merit.
OTOH, with only a small number of underwriters willing to write policies, they could charge interested customers what the market will bear with few suppliers.
And, in some cases, customers may feel that they're getting so much value from their open source software deployments that they'd be willing to pay more than some might expect.
"Provided by the management for your protection."
The company I work for got "the letter" from SCO, and we have now had a second linux-based project shot down due to SCO's FUD working. This is frustrating, to say the least, when the appropriate technical situation is being held hostage by SCO.
If we could buy insurance against the near-zero chance that SCO could be successful, we might be able to get these projects going in the direction that makes technical sense, and stop worrying about (insert rant about McBride and company here).
I just saved a bundle on my Linux insurance!
Breakfast served all day!
I'll insure anyone who wants to send me $1000 per year against catastrophic meteorite impact leading to the destruction of all civilization.
Wouldn't you pay for that peace of mind? Think about it, won't you? Thank you.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
I just saved a load of money on my linux insurance by switching to UnixWare!
I don't need no instructions to know how to rock!!!!
I don't see why there is such a negative response to this post. I would bet that many if not most of the companies who paid SCO licensing fees would have opted for this deal instead, had it been available, leaving SCO with a lot less money for frivolous lawsuits. In fact, it wouldn't just take money away from SCO--it would give it to the other side. Any company offering open source insurance would have a huge financial interest in fighting a company like SCO, giving the open source movement some much need legal muscle. If insurance like this got more popular, it could seriously weaken SCO's business model.
Is it just me, or is anyone else worried about the incentive structure this sets up?
I mean, now an unscrupulous open source developer could intentionally insert some blatantly stolen code, claiming it's their own; some in-cahoots business with a copyright on the code can take everyone to court; the insurance will have to pay out big time, and the company slips a million to the asshole developer under the table.
The Open Source movement gets a bunch of bad PR, the code needs an emergency re-write, some scoundrels make a killing, and the insurance company rethinks its business model.
I know insurance investigators can go about investigating and trying to stop this from happening, but it seems like a very hard thing to prove, as along as the payment to the programmer is channeled very secretly.
Can anyone tell me how to set my sig on Slashdot?
It's a very real issue. Misery is being dependent on software from a failed vendor.
Look at SCO's stock chart. The stock has dropped from 19 to 8.75 in the last three months, and it's dropping almost every day now.
SCO believes that its $699 per processor Intellectual Property License for Linux, however, is a better idea. "Ours is certainly the most reasonable way to go and certainly the safest way to go," he said.
Kinda using the words 'reasonable' and 'safest' loosely huh?
---"I am not denying the existence of stupidity, or of stupid people." - phyruxus
Don't insurance companies have to have assets to back their policies?
How would you figure out how much money would be necessary to back these policies? If you believe that the risk is zero, and they don't need money, then the business becomes a confidence scheme. If you believe that the risk isn't zero, you need something to back it up.
On top of that, if you insure people against auto accidents, or serious diesease, you can assume that everyone won't get hit at the same time. But if it turned out that running linux exposed you to liability, then all of the policy holders would have to be paid off at once. In other words, there's no way the premiums would be able to cover it.
I'm not an actuary or an insurance expert, so maybe I don't understand what's going on. But it doesn't smell right to me.
This summer I had the opportunity to work for BlackDuckSoftware.com. Black Duck has built software to help developers (from individuals to large corporations) manage their use of open source software. Essentially, the software enables firms to track the usage of open source code, determine conflicts (if any) and suggest methods of compliance. It takes into account methods of combining code, whether the code is for internal use or public distribution, any number of other considerations that involve open source license compliance. It is able to deal with code licensed under *all* of the certified open source licenses as well as many other proprietary licenses.
While it is not insurance, and does not provide any kind of indemnification, it is a damn good management tool. Its goal is to allow companies to make use of open source code in such a way that full compliance is facilitated, and to avoid any uh-oh moments that happen after code is commerically released.
I worked on the development of the license interpretation module. It involved reading (and re-reading) 50+ licenses and parsing their terms such that compatibility determinations and compliance requirements could be generated for every possible combination of license, code, distribution, concatenation, link, modularization, etc. of a software product. It was exhausting (and sometimes tedious) work, and it certainly made it easy to tell which licenses were written by lawyers, which by coders, and which were written with input from both. It gave me new understanding of why unenlightened legal departments sometimes shy away from open source. Nonetheless, the reality is these licenses exist, are in use today, and are all valid until some court says otherwise. Licensors (i.e. coders in the community) have every right to expect their terms to be adhered to.
Being a geek myself, and a law student, it was pretty gratifying to see that a company wanted to build a product that helped managers to understand and not fear the open source phenomenon. Further, I think the product will really help firms stay fully compliant when they decide to use open source code. And that, in the end, is all our community can ask for.
cleetus
I've been swashdotted -- Elmer Fudd
http://www.osriskmanagement.com/about.shtml is pretty clear that Pamela Jones is staying with groklaw.
http://linuxpr.com/releases/6631.html is as well.
http://techupdate.zdnet.com/techupdate/stories/mai n/open_source_insurance.html doesn't mention PJ but is informative.
P.S. Apparently the SCO fee of $699 would buy $23,300 of OSRM coverage...which will include defending from attacks by SCO.1) Our dear friend Darl has made threatening noises with regard to Groklaw being on the side of whoever SCO is suing this week (e.g., IBM, Red Hat, Novell, Autzone, etc.). OSRM may provide PJ and the rest of the Groklawyers with a corporate vehicle to continue doing exactly what they've been doing without fear that Darl can go after PJ (in particular but also anyone else who contributes) in some sort of malicious (big $ personal lawsuit) way. SCO has amply demonstrated that their response to anyone who opposes them is to file a lawsuit (See SLAPP).
2) You will note that the first activity of this insurance company doesn't seem to be trying to sell an insurance policy. Its to offer a class "...on how best to mitigate the risk of using open source software". Any bets that a lot of that class will be on how to file the right paper work to legally tell SCO to go find an alien who can probe them until the existing SCO litigation is cleared up including deciding if SCO really does own the copyrights to UNIX? (Maybe Darl should look into that alien abduction insurance.)
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
- First they ignore you, then they laugh at you, then ???, then profit.
This sounds like a hoax to me. PJ continues to post articles to Groklaw so I don't think she's the former editor. I also haven't heard anything about this venture from there, nor has she been particularly enthusiastic for OSS indemnification in the past.
I could be wrong, but for the moment, I'll hold off taking them seriously.
Here's a hypothetical scenario:
- You buy a jar of mayonnaise made by Kraft
- Kraft gets sued by SCOMayo (whatever) for infringing on one of their patents on how to make mayonnaise that stays fresh for up to 12 months and loses
- SCOMayo now sues everyone who ever bought and stored the patent-infringing mayonnaise from Kraft and demands additional $6.99 for every jar of mayonnaise purchased?
IANAL, so I don't understand how this works. Can SCOMayo sue individual people and sandwhich shops, fast foods and restaurants for patent infringement? If so, maybe they should start selling indemnification insurance at the supermakets as well for an extra $0.99 per item ($0.88 at Wal-Mart)?
On a more technical side, would this mean that because I own 3 nVidia video cards I may get sued by ATI and I need insurance just in case? Where and how is this line drawn, if there is one?
That's somewhat of a ridiculous comparison. If you're going to compare OSS and closed source methodologies, you should not do the equivalent of comparing a teen garage band with the New York Philharmonic. A better comparison would be "enterprise" closed source, versus open source that has a lot of manpower behind it.
The open source that tends to get used the most is the stuff that has a strong userbase and active developers. The 14-year-old-written "this is l33t so I wrote it, visit my blog d00d!@!@!!" kind of software is occasionally useful if you need something to do a small, handy thing on your workstation, but rarely gets used heavily in production -- even by workplaces using open source.
More likely, the software written is by some post-graduate or a group of programming enthusiasts who are interested in the program concept or have found it useful and decided to help improve it. Most of the GNU software, MailScanner (an extremely flexible virus/spam gateway), and the Linux kernel itself, is written in this manner. Many of them release designs and papers, something which the companies you're speaking of often keep in-house and hidden from the public.
Now to my personal mistrusts. I personally mistrust software that's probably written by someone with a passing familiarity with Visual Basic, who does not speak my language and does not document the program properly. If you wonder what I mean, try installing some of that "bonus software" that comes with your inkjet, scanner, or CD writer on your system and you'll learn a painful lesson. Not all software written by a company is good, or even has a reasonable design behind it -- and sometimes, even with a reasonable design it's still programmed badly.
There's no sig like this sig anywhere near this sig, so this must be the sig.
Okay, I've got to mention it...
Why spend the money on alien abduction insurance when you could just invest it in an AAI Abduction Experience and find out whether you'd actually like being abducted by aliens?
Can't beat the company motto: If they won't contact you, contact us!
* * *
It is a dada story -- it has no moral.
Not what i expected to hear when I heard "Open Source Insurance"
How about the following model for open source insurance.
Get a group of a couple hundred people together - all within a couple of degrees of eachother. Blue book eachothers cars - then all pay into an investment fund a set rate each month for auto or other insurance. Not into an insurance policy with some other carrier - but an actual investment/savings fund.
Take an umbrella policy out on the whole investment for an extreme case, and pay for that policy out of the combined account. If there is an accident that requires payment over a certain percentage of the value of the fund - then you leverage the policy from some insurance carrier that you have purchased. But, if at the end of the year there are no accidents - the investment OSI can pay a dividend on the money paid in and invested.
All other insurance companies operate this way - but here is a community based insurance. The big guys are just investment companies that take otehr peoples money to invest with in leiu of paying them off if something should happen to them or the property that they are esentially using as an asset backing to the investment. In the sense that the maintaining of the well-being of the object is the incentive for the person to pay to insure its well-being. and in the case of auto insurance - this investment revenue is guarenteed by law.
You must have insurance on your vehicle regardless of whether you have been in an accident. and if, at the end of the year - you dont get into an accident - you do not get any return on your contribution to the insurance companies investment.
in his speec at Harvard awhile back.
Full text here
"If you are thinking about working in the law of free software, and gosh, I hope you are, one of the things you might want to be thinking about working on is the software conservation trusts that are going to be growing up around this economy in the next five years. I'll help you make one, or you can come to work in one of mine. We're going to need to spend a lot of time doing work which is associated with trustees. We're going to be spending a lot of time making sure that things are put together and they are built well. And we are going to be doing that on behalf of a third-party insurance industry which is going to be growing up, is growing up before our very eyes now, which is learning that it really cares how the free software is assembled."
you're all figments of my deranged imagination
The Infoworld article called PJ a 'former' editor.
Yeah right. From today's GL:
I've been getting inundated with email, asking if Groklaw will be shutting down, thanks to an article in InfoWorld that identified me as the "former editor of Groklaw". That is inaccurate. I am still the editor of Groklaw, and my work with OSRM is separate from it. My contract is written so as to ensure my having time to do Groklaw. I have always done paid work in addition to Groklaw, so this isn't anything new.
The article said that SCO didn't sound displeased to hear the news. Not that I wish to throw cold water on anyone's pleasure in Lindon or anything, but Groklaw isn't going anywhere.
They are two distinct areas of insurance. Public is to protect you if a visitor (non-employee) trips over in your office and breaks a leg. Professional is for when you fsck up (as parent said - data loss, etc).
That said, when I was establishing my IT company it was astounding how many traditional insurance firms would outright refuse to insure us. They wouldn't demand overzealous premiums, but flatly refuse to insure IT startups.
There is more than enough demand for this, if Pamela can keep them afloat (she's got the skills) then it will benefit us all.
Insurance sucks, but not as much as being sued...
Q.
Insert Signature Here