Open-Source Insurance
Beatles-Beatles writes to tell us that several insurance agencies have formed a partnership to offer open-source compliance insurance. From the article: "The insurance will cover up to $10 million in damages, including profit losses related to noncompliance with an open-source software license. The policy could, in some cases, cover the cost of repairing code that was found to infringe on open-source licenses such as the General Public License, which is used with the Linux operating system."
There's no such thing as a Lloyd's division or sub-division, which indicates the author of the original article doesn't really understand what they're talking about. The Corporation of Lloyd's is an insurance market in which syndicates, such as Kiln, offer underwriting services. A Lloyd's syndicate underwriter will underwrite pretty much any policy in their general area offered them by a broker ... at the right premium.
I seem to remember interning for (ironically enough) an insurance company's IT department a few summers ago and hearing about how they took out liability insurance on pretty much all of the open-source tools they used. This even included things like Perl, where the chances of being sued are fairly small, just to be absolutely sure. Furthermore, it sounded like they'd been doing this for a while.
I suppose that their policies might not have covered the costs to get it into compliance and other such expenses. Still, I'm sure that huge companies like IBM have been careful to insure against such possibilities for years. It would be foolish for them not to.
Defending copyright infringement of any source code is ridiculous. You can't accidentally copy a line from someone else's program to yours. Infringement is only deliberate.
That issue is not quite simple. Like another poster pointed out, you can end up with code that looks a lot like an OSS implementation quite by chance, simply because there is a very limited number of ways to solve a certain problem. Another way you could end up in trouble because of OSS is if one of your developers decides to cut corners on a project and rips code from an Open Source project without telling you, or if you merge with another company and find out that they have built Open Source code into the application code that you acquired in the merger. If these developers strip off the comments and hide their tracks well, it might not be obvious at all to you or your code reviewers that the code came from an OSS project. One other way you could get into trouble over Open Source software is if you produce a commercial application that links to Open Source libraries. From what I know, it is not at all legally clear in some countries whether this qualifies your commercial application as a derivative work. If somebody takes you to court over this and the judge rules an app that links to Open Source code is a derivative work, you would be in trouble. In all of these cases (except perhaps the last one, since it is still a legal gray area) it would be hard to accuse you of 100% evil and deliberate IP theft or infringement, and I can see how an insurance that protects you during a resultant lawsuit and the subsequent repair work to get rid of the infringing code might come in handy if it isn't too expensive, especially for a startup company.
Only to idiots, are orders laws.
-- Henning von Tresckow
There are several reasons not to. First, since the person was engaging in illegal activities, then the odds are that the premiums paid to the insurer were illegally acquired and may be seizable. Second, the insurer probably knew a lot about what was going on (otherwise they'd be crazy to sell this sort of insurance) and probably would be at risk as some sort of accomplice. But let's assume that you got past that.
The other two obstacles are that there's a high "moral hazard" here that the recipient will engage in riskier behavior now that they have insurance. Second, in any case, the risk is so high that the insurance policy will be expensive. Insurance works much better for low probability high cost events. But if the payout can be postponed to the future, e.g., an annuity for X years starting after you leave prison, then you can lower total costs.