Open-Source Insurance
Beatles-Beatles writes to tell us that several insurance agencies have formed a partnership to offer open-source compliance insurance. From the article: "The insurance will cover up to $10 million in damages, including profit losses related to noncompliance with an open-source software license. The policy could, in some cases, cover the cost of repairing code that was found to infringe on open-source licenses such as the General Public License, which is used with the Linux operating system."
Much better to take on an insurance against SCO than this FUD disguised as "insurance".
Intermediate: Insurance company knows that no open source developer has the money to sue, even if they would be able to discover that their code had been stolen.
Now: Big company takes insurance and starts stealing open source code, because they feel there is no legal risk anymore.
In the end: Open source developers get screwed once again and the only people getting rich over it are the lawyers. Nothing new here.
It's common to take out indemnity policies against the possibility of future legal action where all steps have been taken to try and resolve the issue beforehand. A real estate example would be where a new access road crosses a strip of land, the owner of which is unknown and cannot be traced after an exhaustive search. A policy is put in place to pay $m if the owner ever appears and wants paying for the "ransom strip" or threatens to build a wall along it.
Now if the buyers of the policy KNEW there was copyright SCO code in the software then no, they shouldn't expect the policy to cover them and I'm sure the T&Cs make that clear.
And yes, I am an auditor.
When I am king, you will be first against the wall.
What businesses REALLY need is insurance against Microsoft (and other BSA member companies) licence violations.
SERIOUSLY
Because for any reasonable-sized organisation it is very expensive to do a license audit, and almost impossible to be sure that you're completely in compliance. Many businesses have found that it's easier and cheaper to just buy a completely new set of licenses than try and figure out if the ones they already have cover everything they're running.
And because if you're not in compliance, even by just a little bit, you _will_ get hit with substantial fines, which cost a LOT of money to fight in court.
There is indeed such a thing as "accidentally" infringing on open-source code licenses. You see, while the individual developer who copies the code is usually aware of its legal encumbrances, it would be quite easy for the corporation's management, board of directors, and shareholders to be unaware of the legal deathtrap the lowly developer employee is leading the company into. And lest we forget, it is the CORPORATION that would be found to have infringed the copyright, not the employee. The corporation would face responsibility for what its employee did. From this perspective, having insurance against such things might not be such a bad idea.
And by the way, I would wager to bet that a non-trivial percentage of employed developers are unfamiliar with the specifics (or fundamentals) of the GPL and other common licenses. Also, there are many scenarios in which miscommunication between employees and management could lead to unintentional use of open-source code. Who knows, maybe an employee is even deliberately trying to get the company into hot water.
Someone else here mentioned that this kind of insurance would make it easier for bigger companies to violate open-source licenses, since they'd be shielded from any legal damages. In response to that, allow me to introduce you to the phrase "insurance fraud." Don't think for a second that these insurance companies won't be carefully poring over company documents, correspondence, etc., to make sure the infringement was indeed "accidental" in whatever sense the word becomes defined as.
As someone else said, probably the only question is whether these companies can speculate the open-source-infringement-lawsuits world accurately enough to stay profitable. It seems to me that's easier said than done, but I do think the idea makes sense in theory at least.
On top of that, assuming these projects aren't open-source themselves -- how are OSS groups able to know that companies are stealing their code if OSS groups can't review the code itself?
Sometimes it's possible to deduce this from looking at the compiled code, especially with libraries. Now I'm not an expert on the issue, but cases of closed-source vendors getting caught in the act of including open-source portions in their product have been discussed often enough here on Slashdot, so I find it odd that you seem to be unaware of this.
Install windows on my workstation? You crazy? Got any idea how much I paid for the damn thing?