Slashdot Mirror

← Back to Stories (view on slashdot.org)

Startup to Offer Open Source Insurance

Posted by michael on from the throw-your-money-away dept.

ThePretender writes "From the Infoworld article, 'Open Source Risk Management LLC (OSRM), a startup company that last month hired Pamela Jones, editor of the popular Groklaw.net Web site, as director of litigation risk research, plans to soon begin offering insurance policies to companies using open source software but fear that they may be sued, according to a company spokeswoman'. What's next - Developers having to pick up 'code malpractice' insurance? Egads." Might as well get some alien abduction insurance while you're at it.

23 of 268 comments (clear)

  1. Malpractice Insurance by Shakrai · · Score: 5, Informative

    What's next - Developers having to pick up 'code malpractice' insurance? Egads.

    They already have it. The agency I work for has several carriers that will write a malpractice (officially called "Professional Liability") policy for computer nerds. The standard one that I've seen provides a million dollars of coverage in the event that you screw up and cause something like data loss or the like. The policy itself is pretty broadly worded and could cover everything from bugs in a program you wrote to a general mistake of stupidity dealing with media. As I recall they start at about $1,200+ a year depending on the type of business and the people involved.

    All insurance really does is protect you from losses that you couldn't (or don't want to) afford. The comment from the summary sounds sarcastic (as well as the "throw-your-money-away dept." tagline) but in reality in this sue happy world these types of policies are not a bad idea. Do you want to lose your business and livelihood over an honest mistake and some sue happy customer? A few hundred or thousand bucks for peace of mind is a small price to pay in this day and age.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
    1. Re:Malpractice Insurance by Shakrai · · Score: 5, Informative
      I'm no legal expert, but couldn't all of this be avoided with a proper disclaimer in the licence for the software?

      And in theory you can prevent people from suing you if you put up a "Beware of Dog" sign or a "Private Property" sign. In reality you'll always find some clever lawyer or easily-swayed jury that rules the other way.

      Are you going to trust the future of your business and life to a disclaimer?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Malpractice Insurance by kfg · · Score: 5, Insightful

      In reality you'll always find some clever lawyer or easily-swayed jury that rules the other way.

      Without even going that far, the act of being sued can be devastating, even if you just fight for a year and then they back off and it never really goes to trial.

      Let's say a hundred bucks or so every time your lawyer picks up the phone. Several hundred for a letter. A grand for a simple motion. A couple months of just futzin' around and the legal bills can add up in a hurry.

      I know of a judge who treats every petty charge as if it were a federal case. Really comes down hard on everyone, right down to a simple parking violation. And yet if you look at his conviction records they're no different than average.

      When asked what gives he said, " I make them have to get a lawyer. Now that is punishment."

      It isn't usually losing a suit that hurts. It's simply being involved in one. You have to get a lawyer. And anyone can sue you over damned near anything.

      KFG

    3. Re:Malpractice Insurance by MarkedMan · · Score: 4, Insightful

      " I'm no legal expert, but couldn't all of this be avoided with a proper disclaimer in the licence for the software?"

      ABSOLUTELY NOT! Trust me on this one. Insurance is about having a guy on your side with a team of experienced lawyers. That is what it is for. If you don't have that, they can skin you alive. Because of some bad advice I got from my insurance broker, I spent over $100,000 on attorneys fees for a case that a jury would have laughed out of court. But that's the rub: the plaintiff's lawyers make it as expensive as possible to get to court, and even there you better be good looking and well spoken or the jury might decide to split the difference. Heck, with all those big words getting thrown around, you could lose because a single juror misunderstood something trivial.

      The reality is that there is no justice for a small business standing alone. Lawyers are sharks and you are penguins. Tasty, tasty, defenseless penquins. They know they can wear you down, because there is nothing you can do to stop them. You can't represent yourself, because one mistake in filing means you lose the whole case and your house, savings and life goes down the tubes.

      Despite the above, I'm not really bitter. It's over and I'm glad it is over. But I really understand the need for insurance now, which is to bring your own personal shark to the party...

      -Jim

  2. That alien abduction insurance by Anonymous Coward · · Score: 5, Funny

    Is very handy... especially the double payout for anal probing.

  3. Eye Strain Insurance by richarst1414 · · Score: 5, Funny

    I hope they start offering eye strain insurance soon because of all of the SCO related articles.

  4. alien abduction insurance? by morcheeba · · Score: 5, Funny

    Sure, I guess it makes sense because there have been more documented cases of alien abuductions than documented copied lines of UNIX.

    --
    HIV Crosses Species Barrier... into Muppets
  5. How about software life insurance? by Anonymous Coward · · Score: 4, Funny

    I mean, in case *BSD dies or something like that.

  6. It's a good idea by stratjakt · · Score: 4, Insightful

    Forget Linux vs SCO and who's right or wrong..

    Look at the broader picture. All that stuff out there on sourceforge. Someone in some cubicle at some business decides some obscure project is useful, and starts using it.

    But, that project is illegal. It's stolen code, violating patents and copyrights.

    It's that kind of a bullshit legal snare that could send a young business into chapter 11.

    If MS or Apple or Adobe stole code for their products, they'd be on the hook for using that stolen code for profit.

    If the code was open source though, who do you go after? The people profiting from it - the end user.

    Makes absolute sense. In fact, it was the lack of this sort of protection that has kept the company I work for away from OSS. Perhaps I could sway them now.

    --
    I don't need no instructions to know how to rock!!!!
    1. Re:It's a good idea by John+Hasler · · Score: 4, Interesting

      > Look at the broader picture. All that stuff out
      > there on sourceforge. Someone in some cubicle at
      > some business decides some obscure project is
      > useful, and starts using it.

      What bearing does that have on buying Free Software from a respectable company such as Red Hat or IBM?

      > If the code was open source though, who do you
      > go after?

      Whoever made and distributed the unauthorized copies.

      > The people profiting from it - the end user.

      The end user is not liable unless he can be proven to have known about the copyright infringement in advance. Copyright regulates copying, not use.

      > Makes absolute sense. In fact, it was the lack
      > of this sort of protection that has kept the
      > company I work for away from OSS.

      Silly. The risk is exactly the same for closed-source.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  7. Re:"former editor"? by trick-knee · · Score: 5, Informative

    > I thought she still heads groklaw...

    as of Tue Mar 16 12:41:33 MST 2004 she hasn't made any announcement to the contrary...

  8. She's not a former editor! by m0nkyman · · Score: 4, Informative

    Pamela Jones is still the main contributor and editor for Groklaw.

    Check your facts.

    --
    ~ a low user id is no indication I have a clue what I'm talking about.
  9. Nothing new by Ralph+Yarro · · Score: 4, Funny

    There's a company that already offers insurance against just these risks, for a one time price of only $699!

    --

    The real Ralph Yarro posts as Anonymous Coward. Anyone else is an impostor.
  10. What about closed source companies? by AndroidCat · · Score: 4, Interesting
    Why just open source companies? If Microsoft screws up, they're not exactly going to be backing you up if you delivered a product using their software. (In the EULA, their liability is usually limited to what you paid for their software or $10.)

    This sounds like a company that's gone parasitic on FUD.

    --
    One line blog. I hear that they're called Twitters now.
  11. Will they indemnify us against SCO? by djh101010 · · Score: 4, Interesting

    The company I work for got "the letter" from SCO, and we have now had a second linux-based project shot down due to SCO's FUD working. This is frustrating, to say the least, when the appropriate technical situation is being held hostage by SCO.

    If we could buy insurance against the near-zero chance that SCO could be successful, we might be able to get these projects going in the direction that makes technical sense, and stop worrying about (insert rant about McBride and company here).

  12. Programmers' malpractice? by PCM2 · · Score: 5, Informative
    What's next - Developers having to pick up 'code malpractice' insurance?
    Sounds great to me. Every place I've ever done contract programming for has a clause in their contract that basically says, "If somebody sues us, they sue you." Some of them are nicer about it, and pretty much just require you to appear in court if there's ever a problem. Others want you named as a defendant. Saying "don't screw up" wouldn't make me feel as comforted as a good insurance policy -- if such a thing exists?
    --
    Breakfast served all day!
  13. Good alternative to SCO license by weopenlatest · · Score: 4, Interesting

    I don't see why there is such a negative response to this post. I would bet that many if not most of the companies who paid SCO licensing fees would have opted for this deal instead, had it been available, leaving SCO with a lot less money for frivolous lawsuits. In fact, it wouldn't just take money away from SCO--it would give it to the other side. Any company offering open source insurance would have a huge financial interest in fighting a company like SCO, giving the open source movement some much need legal muscle. If insurance like this got more popular, it could seriously weaken SCO's business model.

  14. Bad incentive structure by Phat_Tony · · Score: 4, Insightful

    Is it just me, or is anyone else worried about the incentive structure this sets up?

    I mean, now an unscrupulous open source developer could intentionally insert some blatantly stolen code, claiming it's their own; some in-cahoots business with a copyright on the code can take everyone to court; the insurance will have to pay out big time, and the company slips a million to the asshole developer under the table.

    The Open Source movement gets a bunch of bad PR, the code needs an emergency re-write, some scoundrels make a killing, and the insurance company rethinks its business model.

    I know insurance investigators can go about investigating and trying to stop this from happening, but it seems like a very hard thing to prove, as along as the payment to the programmer is channeled very secretly.

    --
    Can anyone tell me how to set my sig on Slashdot?
  15. How would you know they could pay? by astrashe · · Score: 4, Interesting

    Don't insurance companies have to have assets to back their policies?

    How would you figure out how much money would be necessary to back these policies? If you believe that the risk is zero, and they don't need money, then the business becomes a confidence scheme. If you believe that the risk isn't zero, you need something to back it up.

    On top of that, if you insure people against auto accidents, or serious diesease, you can assume that everyone won't get hit at the same time. But if it turned out that running linux exposed you to liability, then all of the policy holders would have to be paid off at once. In other words, there's no way the premiums would be able to cover it.

    I'm not an actuary or an insurance expert, so maybe I don't understand what's going on. But it doesn't smell right to me.

  16. Warning: BLATANT PLUG by cleetus · · Score: 5, Interesting

    This summer I had the opportunity to work for BlackDuckSoftware.com. Black Duck has built software to help developers (from individuals to large corporations) manage their use of open source software. Essentially, the software enables firms to track the usage of open source code, determine conflicts (if any) and suggest methods of compliance. It takes into account methods of combining code, whether the code is for internal use or public distribution, any number of other considerations that involve open source license compliance. It is able to deal with code licensed under *all* of the certified open source licenses as well as many other proprietary licenses.

    While it is not insurance, and does not provide any kind of indemnification, it is a damn good management tool. Its goal is to allow companies to make use of open source code in such a way that full compliance is facilitated, and to avoid any uh-oh moments that happen after code is commerically released.

    I worked on the development of the license interpretation module. It involved reading (and re-reading) 50+ licenses and parsing their terms such that compatibility determinations and compliance requirements could be generated for every possible combination of license, code, distribution, concatenation, link, modularization, etc. of a software product. It was exhausting (and sometimes tedious) work, and it certainly made it easy to tell which licenses were written by lawyers, which by coders, and which were written with input from both. It gave me new understanding of why unenlightened legal departments sometimes shy away from open source. Nonetheless, the reality is these licenses exist, are in use today, and are all valid until some court says otherwise. Licensors (i.e. coders in the community) have every right to expect their terms to be adhered to.

    Being a geek myself, and a law student, it was pretty gratifying to see that a company wanted to build a product that helped managers to understand and not fear the open source phenomenon. Further, I think the product will really help firms stay fully compliant when they decide to use open source code. And that, in the end, is all our community can ask for.

    cleetus

  17. Re:She's not a former editor yet! by h00pla · · Score: 4, Informative
    I believe she's stated many times that when the SCO case blows over (and SCO blows up and McBride and Co. dry up and blow away) she wanted the site to evolve into a forum for open source and free software legal issues. As far as getting out, I don't think she's ever said that.

    --
    I've been swashdotted -- Elmer Fudd
  18. A couple of reasons by DaveAtFraud · · Score: 4, Interesting
    Regular readers of Groklaw have a pretty good idea what PJ thinks of SCO's chances with their various lawsuits. I see a couple of different reasons why PJ and Bruce Perens would both (RTFA) be in on this:

    1) Our dear friend Darl has made threatening noises with regard to Groklaw being on the side of whoever SCO is suing this week (e.g., IBM, Red Hat, Novell, Autzone, etc.). OSRM may provide PJ and the rest of the Groklawyers with a corporate vehicle to continue doing exactly what they've been doing without fear that Darl can go after PJ (in particular but also anyone else who contributes) in some sort of malicious (big $ personal lawsuit) way. SCO has amply demonstrated that their response to anyone who opposes them is to file a lawsuit (See SLAPP).

    2) You will note that the first activity of this insurance company doesn't seem to be trying to sell an insurance policy. Its to offer a class "...on how best to mitigate the risk of using open source software". Any bets that a lot of that class will be on how to file the right paper work to legally tell SCO to go find an alien who can probe them until the existing SCO litigation is cleared up including deciding if SCO really does own the copyrights to UNIX? (Maybe Darl should look into that alien abduction insurance.)

    --
    They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
    Ben
  19. How do you draw the line? by zurab · · Score: 4, Interesting
    However, the end user *is* liable for patent infringement.

    Here's a hypothetical scenario:

    - You buy a jar of mayonnaise made by Kraft
    - Kraft gets sued by SCOMayo (whatever) for infringing on one of their patents on how to make mayonnaise that stays fresh for up to 12 months and loses
    - SCOMayo now sues everyone who ever bought and stored the patent-infringing mayonnaise from Kraft and demands additional $6.99 for every jar of mayonnaise purchased?

    IANAL, so I don't understand how this works. Can SCOMayo sue individual people and sandwhich shops, fast foods and restaurants for patent infringement? If so, maybe they should start selling indemnification insurance at the supermakets as well for an extra $0.99 per item ($0.88 at Wal-Mart)?

    On a more technical side, would this mean that because I own 3 nVidia video cards I may get sued by ATI and I need insurance just in case? Where and how is this line drawn, if there is one?