Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open-Source Insurance

Posted by ScuttleMonkey on from the scheming-and-racketeering dept.

* * Beatles-Beatles writes to tell us that several insurance agencies have formed a partnership to offer open-source compliance insurance. From the article: " The insurance will cover up to $10 million in damages, including profit losses related to noncompliance with an open-source software license. The policy could, in some cases, cover the cost of repairing code that was found to infringe on open-source licenses such as the General Public License, which is used with the Linux operating system."

12 of 110 comments (clear)

  1. Cost? by DraconPern · · Score: 4, Insightful

    So, just like other policies, how much will it cost? $100? $1 million? It's kind of point less to talk about the $10 million coverage when you don't know how much it will cost...

    1. Re:Cost? by bogado · · Score: 4, Insightful

      In efect, why not making an insurance to people who do illegal trading in the stock market? It is high risk business, and can be very lucrative. Or maybe another illegal trade, the drug market suffer from losses from aprehensions by the police, maybe there should be a insurance to help those people also.

      I for one want a insurance aggainst the RIAA, MPIAA. They are known to make scapegoates and fine them for the loss of "millions of dollars". This insurance would be highly lucrative, since only a very small fraction of people do get to be fine and the market for it is huge (or at least RIAA and MPIAA have been saing so).

      --
      []'s Victor Bogado da Silva Lins

      ^[:wq

  2. FUD? by griffinn · · Score: 5, Funny

    Much better to take on an insurance against SCO than this FUD disguised as "insurance".

  3. GPL devel needs insurance? by ejito · · Score: 4, Insightful

    Is the GPL (or other open source licenses) that complicated that you just can't hire (or task) someone to review your development practices to be in accordance?

    Well, it's Lloyd's of London subdivision offering this (the same people who insure body parts), so it's probably more publicity than anything.

    1. Re:GPL devel needs insurance? by LordNightwalker · · Score: 5, Insightful

      On top of that, assuming these projects aren't open-source themselves -- how are OSS groups able to know that companies are stealing their code if OSS groups can't review the code itself?

      Sometimes it's possible to deduce this from looking at the compiled code. Especially with libraries. Now I'm not an expert on the issue, but cases of closed source vendors getting caught in the act of including opensource portions in their product have been discussed often enough here on slashdot, so I find it odd that you seem to be unaware of this.

      --
      Install windows on my workstation? You crazy? Got any idea how much I paid for the damn thing?
  4. Then and now by Flyboy+Connor · · Score: 5, Interesting
    Then: Big company thinks of stealing open source code for their products, but refrain because they are afraid of legal consequences.

    Intermediate: Insurance company knows that no open source developer has the money to sue, even if they would be able to discover that their code had been stolen.

    Now: Big company tajes insurance and starts stealing open source code, because they feel there is no legal risk anymore.

    In the end: Open source developers get screwed once again and the only people getting rich over it are the lawyers. Nothing new here.

    1. Re:Then and now by PSVMOrnot · · Score: 4, Insightful

      "Now: Big company tajes insurance and starts stealing open source code, because they feel there is no legal risk anymore."

      I think you need to add a line in there between Now and In The End. something like this:

      Next: Someone finally sues Big company over the infringement, and Big company finds that due to some small print they aren't covered. (ie: a clause saying they can't knowingly be involved in infringing activity)

      Insurance companies will try to avoid any sort of payout, even^H^H^H^Hespecially if they know they are blatently in the wrong.

      (IANAL, but I was in insurance briefly)
  5. Accidental? by Anne+Thwacks · · Score: 4, Insightful
    Do they also offer insurance against "accidentally" selling your soul to the devil?

    Any person in any corporation buying this should be subjet to instant dismissal. If you are a shareholder in a company that buys this, then you should sell your shares immediately, as it is clear proof that the management is corrupt or incompetent.

    The Institute of Chartered Accountants should be expected to recognise it as a symptom of malpractice, and if auditors fail to recognise it as such, then the auditors are also guilty of malpractice.

    --
    Sent from my ASR33 using ASCII
    1. Re:Accidental? by Zog+The+Undeniable · · Score: 5, Insightful

      It's common to take out indemnity policies against the possibility of future legal action where all steps have been taken to try and resolve the issue beforehand. A real estate example would be where a new access road crosses a strip of land, the owner of which is unknown and cannot be traced after an exhaustive search. A policy is put in place to pay $m if the owner ever appears and wants paying for the "ransom strip" or threatens to build a wall along it.

      Now if the buyers of the policy KNEW there was copyright SCO code in the software then no, they shouldn't expect the policy to cover them and I'm sure the T&Cs make that clear.

      And yes, I am an auditor.

      --
      When I am king, you will be first against the wall.
  6. How about EULA licence-violations? by zcat_NZ · · Score: 5, Insightful

    What businesses REALLY need is insurance against Microsoft (and other BSA member companies) licence violations.

    SERIOUSLY

    Because for any reasonable-sized organisation it is very expensive to do a license audit, and almost impossible to be sure that you're completely in compliance. Many businesses have found that it's easier and cheaper to just buy a completely new set of licenses than try and figure out if the ones they already have cover everything they're running.

    And because if you're not in compliance, even by just a little bit, you _will_ get hit with substantial fines which cost a LOT of money to fight that in court.

    --
    455fe10422ca29c4933f95052b792ab2
  7. Not as dumb as it sounds... by Max+Nugget · · Score: 5, Insightful

    There is indeed such a thing as "accidentally" infringing on open-source code licenses. You see, while the individual developer who copies the code is usually aware of its legal incumberances, it would be quite easy for the corporation's management, board of directors, and shareholders to be unaware of the legal deathtrap the lowly developer employee is leading the company into. And lest we remember, it is the CORPORATION that would be found to have infringed the copyright, not the employee. The corporation would face responsibility for what its employee did. From this perspective, having insurance against such things might not be such a bad idea.

    And by the way, I would wager to bet that a non-trivial percentage of employed developers are unfamiliar with the specifics (or fundamentals) of the GPL and other common licenses. Also, there are many scenarios in which miscommunication between employees and management could lead to unintentional use of open-source code. Who knows, maybe an employee is even deliberately trying to get the company into hot water.

    Someone else here mentioned that this kind of insurance would make it easier for bigger companies to violate open-source licenses, since they'd be shielded from any legal damages. In response to that, allow me to introduce you to the phrase "Insurance fraud." Don't think for a second that these insurance companies won't be carefully pouring over company documents, correspondences, etc, to make sure the infringement was indeed "accidental" in whatever sense the word becomes defined as.

    As someone else said, probably the only question is whether these companies can speculate the open-source-infringement-lawsuits world accurately enough to stay profitable. It seems to me that's easier said than done, but I do think the idea makes sense in theory at least.

  8. Re:Silly? by bit01 · · Score: 4, Insightful

    True however keep in mind that there are just as many ways to infringe on closed source software licenses.

    Whether a license is for open source or closed source is irrelevant to the question of legality.

    Some people might argue that because open source software is easier to get then infringement is much more likely. Other people might argue that because closed source software licenses are generally much more restrictive then infringement is easier and much more likely. Either is true to a certain degree so if you're going to argue for the need for insurance you should be arguing the need for insurance for all software licenses, and not just open source.

    The fact that the insurance company is only offering the insurance for open source suggests to me that, apart from it being trendy, they think that they can maximise their profits. In other words their costs in this area, as compared to closed source insurance, are lower and is evidence for lower monetary risk when using open source software.

    ---

    I'm not worried about the use of DRM. I'm worried about the abuse.