decoration decoration

When you want to know more...
For layout only
Site Map
About Groklaw
Legal Research
ApplevSamsung p.2
Cast: Lawyers
Comes v. MS
Gordon v MS
IV v. Google
Legal Docs
MS Litigations
News Picks
Novell v. MS
Novell-MS Deal
OOXML Appeals
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v Novell
Sean Daly
Software Patents
Switch to Linux
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.

Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal

User Functions



Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.

What's New

No new stories

COMMENTS last 48 hrs
No new comments


hosted by ibiblio

On servers donated to ibiblio by AMD.

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Tuesday, January 13 2004 @ 03:01 AM EST

I had a chance to talk with Daniel Egger, a private equity investor at Eno River Capital and the Chairman of Open Source Risk Management (OSRM). OSRM currently offers enterprise end users advice, training and certification to help mitigate potential liability exposures associated with the use of free and open source software. But OSRM is in final preparations to offer comprehensive vendor-neutral free software/open source insurance, a project called Free Software and Open Source Risk Management (FORM).

I have, as you know, issues with indemnification as currently offered, and I've been looking for a workable alternative, some way to handle corporate demand for protection from nuisance law suits without damaging all that is precious about free/open source software and most particularly a method that doesn't in any way conflict with the freedoms of the GPL or interfere with the development process.

Here is the interview I did with Daniel, in which he explains his organization's vendor-neutral alternative. I asked him to explain how the FORM project will work. If you have followup questions, feel free to post them.


1. PJ: Novell has just announced they will be offering indemnification, but I understand you feel you have a better idea. Tell us about your project, please.

Egger: Well, we should acknowledge the value of what Novell is doing to help GNU/Linux succeed. It's great to see Novell, IBM, Intel, and others start to acknowledge by their public actions that it's unrealistic to expect most end users of GNU/Linux systems to be able to cope with legal harassment and frivolous lawsuits on their own.

I’m approaching this whole problem from a belief that what’s commonly called "intellectual property defense insurance" is a present and future business necessity in our litigious system. Widely held insurance is the time-tested remedy for the kind of issues the Free Software and Open Source communities are wrestling with right now, because it eliminates the incentive for opportunistic plaintiff’s lawyers to make unsubstantiated demands and pick off the most vulnerable, uninsured end-users, for whom it will always be much cheaper to settle than to fight. So Novell’s willingness to take serious steps toward coordinating and funding collective defense with an insurance-like offering should be very appealing to end-users.

That said, anyone who knows the history of Unix knows that commercial vendors unintentionally fragmented Unix and actually destroyed its best virtue -- its compatibility -- in a misguided race to add differentiating features of their own. It’s quite possible, if competing vendors offer insurance bundled only with their own “brand” of GNU/Linux or with their own services, treating indemnification as just one more tool in their selling process, that this fiasco will repeat itself with GNU/Linux. And no vendor could or should risk insuring code distributed by other vendors – so with vendor-based indemnification you’ve got messy fragmentation, no matter what.

To avoid these pitfalls, FORM’s long-term approach is to offer comprehensive intellectual property defense insurance that is vendor-neutral, consistent with the Open Source development process and the philosophy of the GPL, and which will cover not only SCO and other copyright claims but patent claims and “novel” future claims against the expanding Free/Open Source code-base. Think of it as “shadow indemnification” that puts current and future Free/Open Source code on an equal footing with proprietary software from a risk-management point of view, minimizing total cost of ownership without jeopardizing the freedoms that make Gnu/Linux so cool. The core idea is to offer insurance for Free Software & Open Source itself – the code, the process, the GPL.

2. PJ: While I'm not surre of all the details yet, I understand Novell says they will be offering limited indemnification, somewhat like HP's indemnification. However, with HP, there are restrictions on what you can do with your Linux code. Also, HP only indemnifies you against SCO, I understand. How does your plan differ?

Egger: First I want to say I respect HP for taking a leadership role on indemnification last fall – without Martin Fink and others taking some courageous first steps toward insurance for end-users, we might not be having this discussion about next steps so soon. It was no doubt hard to buck the counter-argument that indemnifying customers against SCO only dignified their claims, or what some have called their shakedown.

But the idea the GNU/Linux lawsuits will stop with SCO – that’s ostrich thinking. Once open source became important to large commercial enterprises – impacting billions of dollars in corporate buying decisions each year – it became fair game for plaintiff’s lawyers, forever. That’s the U.S. legal system. SCO is just the first of many plaintiffs, some sincere, some cynical, that will sue or credibly threaten to sue GNU/Linux end-users, over patent violations, over copyrights, even over security breaches, over laws that don’t even exist yet, you name it, out into the future. The most effective remedy for end-users is comprehensive, vendor-neutral intellectual property defense insurance. If you think SCO is the last, or even the most important, legal threat against GNU/Linux, I have some lovely dot com stocks for you -- at 1999 prices.

Second is the issue of restrictions on what you can do with your Linux code. This involves damage to both the total cost of ownership arguments for commercial uses of GNU/Linux and to the more fundamental values of freedom protected by the GPL.

The business risk for enterprise end users is “lock-in.” If you can’t switch vendors later in order to get support, patches, applications, custom modifications, whatever you want, from whomever charges you the least and does the best job, because you risk losing your critical insurance policy if you do, then one of the key Total Cost of Ownership arguments for Open Source begins to erode.

More fundamentally, the freedoms expressed through the Free Software development process will be damaged in subtle but real ways if individuals must ask permission of a third party before writing new code or running new code, or worse yet are limited in where they could get downloads from, in order not to lose their critical insurance. Richard Stallman rightly calls these kind of potential insurance-driven limitations “obnoxious.”

3. PJ: What limitations on modifications would you foresee in your insurance plan? what could you do? what couldn't you do?

Egger: The rights of end users to modify source code is the critical issue where the “rubber meets the road” and where current vendors’ positions break down.

Our goal is to impose no restrictions on developers beyond the GPL. But of course FORM needs to have an opportunity to study, review, and certify each line of source code before indemnifying it. The solution is that if you modify your code base by introducing new code not yet FORM-certified, everything but the modifications remains insured. And the modifications will be certified as quickly as possible if widely distributed.

But, if you, as the end user, want to insure a piece of code that you have modified for your own use without distribution, or that is currently distributed only to a very small subset of the community, you may need to pay us to review and certify it specifically for you before we can insure it. As with any underwriter, we seek to align all parties’ incentives and avoid moral hazard. We’ve had a very supportive dialogue on just these issues directly with Eben Moglen, General Counsel of the Free Software Foundation, to make sure that the approach we’ve developed is fully consistent with the GPL.

This key commercial issue is also what we have explored with the Open Source Risk Management Working Group, where we have solicited private input from CIOs and General Counsels who are some of the largest commercial GNU/Linux users in the world. We will continue to refine the risk-management offerings in discussions with end users over time. Interested parties can find our schedule of face-to-face meetings at our web site.

4. PJ: If SCO sues a commpany or there is some copycat lawsuit, how would your program protect? How is it different from current indemnification?

Egger: Technically, what we offer today is also indemnification, not insurance. We don’t want to offer something different from what we think vendors should offer. Rather, we want to level the indemnification playing field between proprietary and open and between various GNU/Linux vendors. We certainly hope the end-user market will evolve to the point where we can manage comprehensive indemnification programs for vendors like Novell, Red Hat, HP, with economies of scale and with less risk, than if they did it all in-house. It's in no one’s long-term interest to have an indemnification arms race between various “flavors” of Linux – but offering better indemnification than you can get with proprietary software is fine with me.

From an end users’s point of view, receiving a demand letter, or other credible threat of future litigation, would trigger the indemnification. After a small deductible, you would get your legal defense, software liability, software replacement, and some business interruption costs paid up to a pre-agreed cap. Our current modeling suggests that we can offer $10 million in aggregate coverage per end-user with our planned capital reserves. But if you need more coverage than that, give me a call.

5. PJ: What would be covered?

Egger: Like insurance, it will cover legal defense, liability, software replacement, and some business interruption expenses, for those areas where your code-base is certified by FORM. Types of claims covered will include federal claims – copyright & patent – and state claims that are often considered pendant “IP” claims, including unfair competition and trade secret claims. It will also cover some more novel claims typically covered by “E & O” rather than “IP” insurance – security breaches, loss of information, etc. And it will of course cover SCO, as well as new claims.

6. PJ: Who would offer it?

Egger: OSRM, at Or do you mean who would ultimately carry the underwriting risk? OSRM will carry insurance, and reinsurance from some of the best-known underwriters in the world will stand behind that. We plan to exceed industry-standard capital reserve levels for these kinds of risks by a healthy margin – while simultaneously generating excellent returns for our investors. This is possible because pricing and underwriting even modest amounts of software IP risk capacity remains a highly specialized undertaking with few active competitors participating – and insuring Free and Open Source Software is a HUGE market.

7. PJ: One of the things that troubles me about current indemnification programs is the worry that small developers and companies will get frozen out, that because they can't afford to offer indemnification, no one will use their products. I also worry that the cost of indemnification will erode one of Linux's selling points, its low cost. Can you address my concerns?

Egger: Its a big risk with vendor-based indemnification -- what's their incentive to bother at all at any price? But I don't think that should be a problem at all for our vendor-neutral approach.

Certification of non-kernel type code, like sourceforge projects, is not intended to be burdensome or expensive, just not zero cost - as a way of prioritizing requests and use of finite scanning bandwidth by FORM. FORM makes its money from the premiums themselves - which are fixed as a percentage of maximum coverage.

I'm guessing now, but no more than $1,000 max. to cover the processing costs of scanning a typical specialized application's source. So no truly useful code should get buried because the cost of certifying it is too high.

Also, there is no "penalty" for using non-reviewed code -- it doesn't cause you to lose any coverage you already have - so it's still free.

7. PJ: Why is this better, in your view? Is it possible to have a "free as in freedom" indemnification?

Egger: FORM’s offering is better in the same way that free and open source software is better than proprietary, binary-only software. Vendors may deny that comprehensive coverage is necessary, or, contrariwise, attempt to offer ever-more generous indemnification terms on their own piece of pie, but a vendor-neutral, GPL-cherishing approach will win out over time. The simple reason is that indemnification for free and open source software that is not “free as in freedom” will never succeed in harnessing the near unlimited risk-identification and risk-mitigation capabilities of the motivated Free Software and Open Source communities. The collective knowledge and influence of these people is the “secret weapon” that makes a low-cost, high-limit, broad coverage indemnification offering possible. Groklaw itself demonstrates the power of this community to declaw almost any conceivable plaintiff-monster out there through collective pursuit of the truth. I’d be happy to answer more questions later.

PJ, do you ever sleep?

PJ: As a matter of fact, I do. As in, right now. Thanks, Daniel, for answering my questions.


OSRM To Offer Vendor-Neutral Indemnification -- FORM | 110 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: tanker on Tuesday, January 13 2004 @ 05:03 AM EST
Interesting idea, but I wonder if it may encourage more lawsuits like SCOs.
After all, there are people here in the US (can't speak for other countries)
who are regularly looking for a way they can get a payout from insurance
companies. Insurance fraud is a multi million (or billion) dollar a year issue.
While I don't think that "IP violations" are as easy to fake as a
slip and fall I can't help but wonder whether we might see the same type of
thing happen, which would cause more problems than are solved. Or perhaps I'm
just overly cynical with not enough faith in humanity.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: RSC on Tuesday, January 13 2004 @ 05:23 AM EST
It sounds like SCO just lost one more FUD tool.

Whats Didio going to pick on now.....

Any one for a pool?? ;-)

I go for "Indemnification will blow the TCO out"


An Australian who IS interested.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: nvanevski on Tuesday, January 13 2004 @ 05:28 AM EST
I can't help but notice that from "Free" software, we're moving to
"Risk-Free" software. One big question that concerns me is : Do I
have to pay (for the said certification) for my software to became really free?

Maybe I misunderstood all this (I'm a little bit tired and I'll reread all
this again), but this seems to me like an attempt to make money by certifying
that given software is _really_ free. I'm sorry for the lack of excitement
about this, but I really don't get this....Somebody please explain it to me in
a few words - Am I still allowed to write free software (and stay assured that
the peer review process will suffice, as it did so far), or I have to go through
the process of "Freedom certification" so my users can still freely
use my applications?

Ok, not that I'm fully negative about this - it's true that SCO is just the
first of many others who will challenge Linux, and the end-users always need to
be protected from their vendor's mistakes. It's just the feeling that the
"Free as in beer" part (and most users need this) slowly dissapears
- if I pay for the right to distribute my applications freely, then I must
charge something (however low) from my user. Of course, I can still distribute
my apps, but which user would want them without the FORM's guarantee?

Please someone refute me as soon as possible!! I need that!

[ Reply to This | # ]

Some questions for Daniel Egger
Authored by: Captain on Tuesday, January 13 2004 @ 05:30 AM EST
It seems Microsoft and some other proprietary vendors do not offer this type of
insurance in the EULA's I have seen. In fact, they expressly disclaim
protection against infringement for end-users.

1. Do you know if their larger customers have similar EULA's, or do they have
special deals which include indemnification?

2. If the latter is not the case, with your program in place, would it actually
become safer (from a infringement-risk point of view) to run insured Linux,
instead of proprietary OSs like Windows?

That might make for some nice anti-fud to counter SCO/Didio's indemnification

Unrelated: There seems to be something wrong with the legal system if you are
forced to buy software-insurance to not get harrassed.

[ Reply to This | # ]

Why SCO likes people to imdenify..
Authored by: eamacnaghten on Tuesday, January 13 2004 @ 05:40 AM EST
For people to indemnify Linux is one of the stratergies of SCO.

If imdemnification, of any kind, is in place SCO will likely go after those guys
banking that it is cheaper to settle than it is to fight. Because of the
settlements flying through the air companies will not take up Linux unless
indemnified by HP, Novell or whoever, and they will simply add the cost of
settling with SCO into the support price.

So SCO has won - they are in effect getting license money through settlements
from HP and Novell.

Imdemnification is dangerous. What is needed is the IBM/OSDL/RedHat approach
which is ensuring that companies will find it cheaper to fight than to settle,
and as I doubt SCO as a case, OSDL/IBM/RedHat eventually get their money back.

[ Reply to This | # ]

Why SCO likes people to imdenify..
Authored by: eamacnaghten on Tuesday, January 13 2004 @ 05:41 AM EST
For people to indemnify Linux is one of the stratergies of SCO.

If imdemnification, of any kind, is in place SCO will likely go after those guys
banking that it is cheaper to settle than it is to fight. Because of the
settlements flying through the air companies will not take up Linux unless
indemnified by HP, Novell or whoever, and they will simply add the cost of
settling with SCO into the support price.

So SCO has won - they are in effect getting license money through settlements
from HP and Novell.

Imdemnification is dangerous. What is needed is the IBM/OSDL/RedHat approach
which is ensuring that companies will find it cheaper to fight than to settle,
and as I doubt SCO as a case, OSDL/IBM/RedHat eventually get their money back.

[ Reply to This | # ]

OT: SCO's answer to Novell
Authored by: eamacnaghten on Tuesday, January 13 2004 @ 05:59 AM EST
Sco has answered Novell's imdemnification/copyright claim effort at news/040113/latu068_1.html.

They link to a resource page they have set up at

The agreement documents/amendments SCO has up there Groklaw also has as text, but I was wondering if there is anything signiicant SCO is leaving out on that page. That would be telling indeed...

[ Reply to This | # ]

SEC probing IBM, Dollar General transaction
Authored by: Anonymous on Tuesday, January 13 2004 @ 06:13 AM EST

SEC probing IBM, Dollar General transaction

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: eSavior on Tuesday, January 13 2004 @ 06:52 AM EST
Certification for sourceforge projects at a price tag of 1k a pop is out of the
question, in my mind. I remember the days before SF, where open projects had
issues covering just the cost of their bandwidth usage.

/* Doom */

[ Reply to This | # ]

This is VENDOR insurance - User Insurance should not be needed.
Authored by: Anonymous on Tuesday, January 13 2004 @ 07:06 AM EST
Here is why this is just Vendor or developer insurance!

1- The Vendor would or distributor would be developing these features. It would
be not the user. As a the user by definiting is not distributing to other
entities (typically in a commercial setting).

2- Most users are not writing code or adding features to what they install.
They know nothing about the word compile.

These are innocent 3rd party users who are just using what they are acquiring.

If a automobile maker forgot to license a piece of intellectual property from
it's creator/owner THE owner of the car after the car is bought WOULD NOT be
liable to then pay the owner of the intellectual property anything. It is the
duty of the MAKER of the car to pay. This is why we have consumer protection.
It is not reasonable that every consumer of every product that is made should
be required to research every little piece of intellectual property that is in
every product they buy. If this were the case - then no one would buy anything!
The same would be true of SOFTWARE. The governments should step up and make
this a law, if it is not already one!

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Anonymous on Tuesday, January 13 2004 @ 07:13 AM EST
I have the feeling of being herded.
This is not a great idea.

[ Reply to This | # ]

A Short-Term Boost to M$/SCO FUD
Authored by: hbo on Tuesday, January 13 2004 @ 07:37 AM EST
This plan validates Microsoft's FUD regarding the uncertain legal status of
Free/Open Source software. That FUD says that FOSS is riddled with IP
violations, and that no vendor is protecting you from the liability that causes.
As with most truly effective FUD, this claim carries some truth in it.
Specifically, the second claim, that no vendor is offering protection, is partly
true. (It was completely true when the FUD was first served up, before HP and
Novell offered limited indemnification.) The first claim is exaggerated, but not
entirely untrue. Somewhere in the zillions of code lines in question there are
undoubtedly a few violations of someone's IP that would stand up in some court
or another.

In any event, offering insurance for IP claims validates Microsoft's FUD. They
can now point to the cost of insurance as more proof that free software isn't,
cynically exploiting the English vocabulary confusion between free as in
freedom, and as in beer. Microsoft has several difficulties in sustaining this
FUD, not least of which is that they don't offer any such protection
themselves. There is also the possibility that the GPL may end up on firmer
legal ground soon, if not through the IBM-SCO countersuit, then by some other
legal process.

So in the longer term, I think this plan may be a winner. It addresses the FUD
long term, but more importantly, it covers the part of the FUD that is true. IP
claims against FOSS won't end with the SCO suit, which means that some form of
insurance against such suits is valuable, regardless of whether any IP claims
have merit. The scheme laid out in this interview strikes me as one of the most
interesting developments I've seen in the ongoing cultural marriage between
corporate Capitalism and Free Software. A lot of very bright people on both
sides of the cultural divide are trying hard to make the marriage work. This
FOSS-friendly plan seems to me to be among the best results so far.

"Even if you are on the right track, you'll get run over if you just sit
there" - Will Rogers

[ Reply to This | # ]

Won't this just move the problem offshore?
Authored by: Anonymous on Tuesday, January 13 2004 @ 08:18 AM EST
This indemnification program looks very much US based. If it goes ahead as
described, without an international dimension, could SCO not simply move their
focus to other countries [eg in Europe]? A while of doing this and they will
become fat enough to take on an indemnified US victim?

Surely, we need to see SCO lose fair and square in the US?

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Alastair on Tuesday, January 13 2004 @ 08:25 AM EST
Think of it as “shadow indemnification” that puts current and future Free/Open Source code on an equal footing with proprietary software from a risk-management point of view

I think it is of crucial importance to point-out that proprietary software does not have any indemnification of end-users; indeed, it almost always disclaims all liability for just about anything.

In any event, I'm not certain whether indemnification is the correct way to address this problem. Personally, I think we should look long and hard at the intellectual property system, which seems to me to be at the root of the problem, rather than concentrating on treating the symptoms by providing indemnification.

Perhaps, for example, the law could be altered so that those who wish to claim copyright violation in a FOSS product can only do so within a limited period (say 6 months or 1 year) after the release of the allegedly-infringing code? I would only expect a company to pursue a FOSS product for infringement if (a) their code had value and (b) the product was in the same market (i.e. actually going to hurt them), in which case surely they can be expected to make themselves aware of its release?

That solution seems infinitely better to me, because it does not impose an insurance cost on users of FOSS, will not result in wasted court time and unnecessary litigation, and clearly places the burden of protecting intellectual property where it should be, on the owner. I would be inclined to extend a similar protection to FOSS for patents, for similar reasons.

The IP community would do well to remember the purpose for which copyright and patent law was created… to benefit society by encouraging innovation and creativity, through the provision of temporary monopoly rights. It was not created as a means for revenue generation or to benefit copyright or patent holders, or as a means to prevent competition by patenting ideas that are not innovative. Nor was it created to allow so-called IP firms to raid the coffers of productive and innovative firms. We seem to have lost sight of the original goal, and there is way too much anticompetitive maneuvering, "patent mining" (the exploitation of patents as a resource by litigating against firms not in the marketplace of the patent holder) and profiteering going on for my liking. All of this negative activity in no way benefits society and should therefore be discouraged.

[ Reply to This | # ]

SCO's mistake
Authored by: Anonymous on Tuesday, January 13 2004 @ 08:42 AM EST
I think this person's reasoning (that SCO may be the first person to try to
squeeze money out of users of "free" software, but won't be the
last) is actually the reason SCO miscalculated in this whole scheme.

I'd bet that SCO never expected this case to go to court: they expected IBM to
pay them "go away" money, as seems to be traditional in other cases
when beople sue big companies.

What they failed to realise was that, from IBM's viewpoint, when they looked at
this threat, they didn't just see SCO, they saw an endless stream of timy
companies who contributed something 20 years ago (and there may well be a
million people who contributed one thing or another to Linux over the years).

And IBM saw a threat to the foundation of the entire Linux community (and, more
importantly, the market share that IBM expects to get from that community).

IBM doesn't want to pay SCO to go away. They want to leave their bloody
carcass on the courtroom floor. (As a warning to the next guy who thinks he's
got a lottery ticket.)

(They wouldn't mind, say, a precedent saying that any code contributed to a
public project more than a certain number of years ago, has become public

Just my personal theory.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Anonymous on Tuesday, January 13 2004 @ 08:50 AM EST
I find myself in agreement with the many negative remarks already made here...
this is a colonization attempt by people who live off of 'IP' law to find a
business model for themselves from FOSS.

I can't see the suggested scheme in the glowing and noble terms it is presented
in, instead the word that comes to mind is 'carpetbagger'.

Instead of allowing the legitimization and institutionalization of unwarrented
legal attacks on free projects, any laws that encourage this throttling of these
works for the public good by greedy people need to be changed. First SCO need
to be legally nuked pour discourager les autres and then legislation needs to
recognize the public value of FOSS projects and protect them accordingly.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: burySCO on Tuesday, January 13 2004 @ 08:50 AM EST
A couple of points:

1) * No tainted code has been shown *. If it does, I believe it will be
corrected long before the SCO-IBM lawsuit concludes, just like Ed Modgen says.
The fact that it's all publicly availiable for inspection is our

2) Even SCO has not yet begun litigation against an end user. Despite all the
FUD, I don't think they'll dare.

I believe IBM & Ed Modgen's stand on the GPL are right. "IP
insurance" will simply lend credibility to the SCO's of the world. It
would be better for us all if the suits@SCO were accused & convicted on
criminal charges & thrown in jail if/after SCO loses the IBM case; that
would deter "copycat" litigation.

Just my opinion

My jabber handle is

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: whitehat on Tuesday, January 13 2004 @ 09:23 AM EST
Certfication fees would amount to a "SCO-tax" on every piece of open source software. I don't believe this solution is acceptable to open source developers.

Two other factors weigh against such a "tax":

1. Support services are implemented with daily automated downloads of patches and source files. In order to implement certification, update frequencies would have to be reduced. Elapsed time from availability of a fix until implementation would increase. The result would be increased cost, less protection against hackers, and less overall reliability.

2. Some developers (including some government agencies and small, independent developers) will not provide funding for a new "tax" that has to be paid only, in order to provide a "free" distribution to the community. The SCO-tax is a bad idea. We need to have everybody live by the GPL. If necessary, we will need legislation to reinforce the GPL.

[ Reply to This | # ]

Avoiding a worse evil
Authored by: Anonymous on Tuesday, January 13 2004 @ 09:23 AM EST

An alternative model to these indemnification schemes might be developer certification and perhaps bonding or even professional licensing. I think most of us would agree that that would be a worse evil.

Defending the community and the marketplace from predatory IP litigation has become a problem. A vendor-neutral insurance pool may well be the least evil short-term solution to what seems to have become a judicial protection racket.

In the longer term, I believe that social scientists predict vigilantism as a natural consequence of inefficiant courts and legal corruption.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Anonymous on Tuesday, January 13 2004 @ 09:26 AM EST
Indemnification, lawsuits and corporate tyranny aside, the only way Microsoft
and their SCO lackeys will take away Linux is if its from our cold dead hands.

Now that China is off and running they'll never be able to stop it so they can
cram their insurance and their lawsuits. We will never again be slaves to the
dictates of the corporate nation of Microsoft.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: brenda banks on Tuesday, January 13 2004 @ 09:28 AM EST
maybe i am becomming cynical but this just seems to play into sco's hands and
in the end into M$ hands.if M$ has a target they can sue they will.that is the
point to all the baiting of indemnification.this provides the target.


[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: grouch on Tuesday, January 13 2004 @ 09:52 AM EST
Are there insurance companies offering indemnification from MS "IP"
theft? Who will stand behind all those MS-SQL developers who relied on MS
assurances, before the lawsuit (see )? Where is the same frenzied
cry for indemnification for hapless MS users and developers?

I wouldn't touch this with a ten-foot pole. It smells too much like the
extended warranty offered when you buy electronics.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Stumbles on Tuesday, January 13 2004 @ 10:07 AM EST

Well frankly, this whole notion of indemnification or derivatives is a
bunch of malarky. I would like to know if there has ever been in the
history of software, where a user had any need of it. I see this as
nothing more but to broaden the scope of litigation from the
person/company that authored the software to include end users.
That I think is a load of poopy diapers.

[ Reply to This | # ]

Please, no.
Authored by: Anonymous on Tuesday, January 13 2004 @ 10:26 AM EST
This is the worst idea suggested yet. If it weren't bad enough that US
corporations want to prostitute the collective work of programmers and hackers
around the world, now US insurance companies want to weasel out a piece of the
pie too.

This makes me sick.

The irony though, is that at the prices this article suggests, it would actually
be cheaper to get "vendor neutral" indemnification by purchasing the
original SCOSource IP license!

What it missing from the whole argument centered around IP licenses, Linux, and
the GPL (generally speaking, the subjects discussed here at Groklaw) is that
these questions are not restricted solely to Linux and GNU derived operating

Free software exists for Microsoft Windows too.

In fact, nearly all the GNU utilities are available as Windows binaries. Many
entire projects distributed under other, open licenses are ported, such as
Apache, PERL, SDL, etc.

This is just another example of a vulture who wishes to prey on the fear and
uncertainty that infects Corporate America - an insurance scam to cash in on a
loathsome buzzword.

Do any other vendors I purchase from offer me indemnification? How do I know
there is no copyright infringement in Microsoft Windows product? How do I know
there aren't patent violations rampant through all my Adobe product? Quite
simply, I don't.

Property theft is a two way street, and given that GPL'ed code is open and
available on the Internet, I'd suggest that theft is far more frequent going
the opposite direction - from Linux/Open Source to Windows/Proprietary.

This is akin to slapping a band-aid on a bullet wound. We don't need more
insurance, we need fewer, less restrictive intellectual property laws.

[ Reply to This | # ]

MS FUD Lecture Jan 15th Cambridge
Authored by: Anonymous on Tuesday, January 13 2004 @ 11:02 AM EST

----- Forwarded message -----

Subject: Microsoft Research External Lecture: Dr Stefan Kooths, University of

This is a PUBLIC lecture


TITLE: The Economics of Open Source Software - Prospects, Pitfalls and
SPEAKER: Dr Stefan Kooths
INSTITUTION: University of Muenster
HOST: Alexander Braendle, University Relations
DATE: 15 January 2004
TIME: 13:30 - 14:30
MEETING ROOM: Lecture Theatre
ADDRESS: Microsoft Research Ltd, 7 J J Thomson Avenue (Off Madingley
Road), Cambridge

Open Source Software does not represent a suitable alternative to the
commercial software market from an economic point of view, neither in
terms of creating value-added nor in terms of economic efficiency. OSS
does not create any new value-added potential, and offers only a
fraction of the opportunities of the commercial market. The impact of
OSS on sales and employment are therefore less than the effects of
commercial software. Furthermore the de facto free availability of
GPL-licensed software, and hence the lack of a market price, have
far-reaching economic consequences that are elaborated in the
presentation. As far as packaged software is concerned its free
availability very much limits the creation of profits, income, jobs or
taxes. The loss of turnover in the area of software sales cannot be
fully recovered with services linked to the software. So-called
complementary OSS-business models work in the smaller customized
software sector only. The incomes earned there are substitutive and not
additional to those created in the commercial software sector. The lack
of cost-reflecting prices for GPL-licensed standard software also has
consequences for the market process as the pricing mechanism is
associated with an important information and coordination function in a
market economy. If there is no price, and hence no decisive guide figure
for a market, it is, for example, more difficult to identify customer
requirements. Further problems can be identified when it comes to the
allocation of resources, productivity-oriented factor compensation and
incentives for innovations. The lower value-added potential and the
reduced efficiency of coordination are weighty economic arguments. They
demonstrate quite clearly that the promotion of open-source software
cannot be an economically justifiable role for the state.


----- End forwarded message -----

[ Reply to This | # ]

Doesn't solve the problem
Authored by: Anonymous on Tuesday, January 13 2004 @ 11:55 AM EST
Widely held insurance is the time-tested remedy for the kind of issues the Free Software and Open Source communities are wrestling with right now, because it eliminates the incentive for opportunistic plaintiff’s lawyers to make unsubstantiated demands and pick off the most vulnerable, uninsured end-users, for whom it will always be much cheaper to settle than to fight.
The problem is "opportunistic plaintiff’s lawyers" who "make unsubstantiated demands and pick off the most vulnerable". In other words, it's an ethics problem and no ammount of insurance or indemnification will solve it.

[ Reply to This | # ]

Cheaper to hire in-house IT
Authored by: Anonymous on Tuesday, January 13 2004 @ 12:15 PM EST

Well, I guess the big money has begun to corrupt Linux. I'm sure it's not a
big surprise to Linus. Fortunately, even if OSDL fired him today, he could still
work on Linux anywhere in the world.

After all the insurance and indemnifications and support contracts are added up,
I would guess it would be far more cost-effective for companies, especially
small ones, to pick up Debian or Slackware and hire someone to administer it

I'm sure you could pick up a copy from the guy in the trenchcoat at the nearest
street corner.

[ Reply to This | # ]

Off Topic
Authored by: Anonymous on Tuesday, January 13 2004 @ 12:18 PM EST
Forgive my off-topic-ness.

Has anyone anywhere received any information as to the status of the discovery
responses that IBM should have received by now?

Or do you think we are going to have to wait until the 23rd?

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Anonymous on Tuesday, January 13 2004 @ 12:20 PM EST
How would the code certification work? Specifically, how is it possible to tell
that a piece of code isn't lifted from some copyrighted work you've never

[ Reply to This | # ]

OT: News Item?
Authored by: Anonymous on Tuesday, January 13 2004 @ 12:29 PM EST
Is this anything new?

The SCO Group has received US copyright registrations for UNIX System V source code, a jurisdictional pre-requisite to enforcement of its UNIX copyrights.

I'm just a techie and don't know if this is just a rewording of the original copyright registration or if there was something newly granted to them.


[ Reply to This | # ]

OT: Windows 98 lives...
Authored by: lnx4me on Tuesday, January 13 2004 @ 12:39 PM EST
Pardon the OT post , but I'd guess the truth of the matter is that W98 users refused to ante up the $ for an upgrade and were prepared to move to OSS.


[ Reply to This | # ]

maturing business model
Authored by: jianying on Tuesday, January 13 2004 @ 01:28 PM EST
When I read this, I feel a sense of awe and feel that this indicates
a maturing business model. While some purist might not like this,
It is a step in making open source an more complete system not
just technically but legally and economically.

From the start open source is very much of a user's revolt aginst
undue restriction of vendors. So vender-neutrality is something
that is worth preserving even at some cost. And that is precisely
open source's selling point, for what better way to guaranteeing
vender-neutrality then having the end-users actually having access
to the code.

FORM preserves vender-neutrality at the same offers liability
protection, which eases both the vendor and vendee's mind.
I'm hopeful that FORM's success would create a competive
open source insurrance industry.

I also hope FORM can tap into the open source community
directly to expediate code review, thus lowering cost which
benefits all. One possibility is a database of modules that
are certified such that companies and individuals can check
out certified modules knowing that their product can be more
quickly certified since most components are pre-certified.
Preferably all modules in this database would be LGPL. Also
of course the companies should help maintain the database by:
1. contributing certified modules that are not yet within the DB.
2. contribute to the upkeep cost of the DB.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: whitehat on Tuesday, January 13 2004 @ 01:54 PM EST

This is just a protection racket. It is no different from Al Capone selling "insurance" to small shop owners in Chicago.

In the next news item, we might learn that Darl McBride is investing his ill gotten gains in "Software Certification Insurance".

At the end of the SCO circus, many of us believe that GPL will be stronger than ever, and other people will be strongly discouraged from emulating SCO.

If we are wrong in this belief, legislation may be required to back up GPL. It is quite reasonable to ask Congress to come up with a way of having GPL stick - it is good for business.

[ Reply to This | # ]

Only pay for legal fees
Authored by: Anonymous on Tuesday, January 13 2004 @ 05:47 PM EST
The whole idea of millions sitting there waiting to be available should you get sued seem akin to giving up your weapon to a criminal with a hostage. You never ever do that as the chance of both of you getting killed goes way up. It must not be done. A better insurance might be to have it known that a big bond has been posted for the apprehension and conviction of any criminal, should he/she do anything against you and your family.

It's also similar to negotiating with terrorists. Once you establish the president others will follow suit.

Being how happy we are to sue in the US I would suggest we ONLY pay the legal fee's and no penalties. Or, we have to get really good in making it very expensive to litigate against us. As in the above example.

If you create an opportunity, someone is sooner or later get the idea of going after it. Like SCO has. They started big, but have moved back to now claim to only go after a few big companies. Though they are yet to actually go after anyone. I'd say because it has to be worthwhile.

Having a bear like IBM sitting there ready to legally pounce might be a workable deterrent.

Even though you cannot depend on a trial to be fair or just, one could reasonably argue that with proper legal defense, the only ones who should end up with a fine should be those who actually did something wrong. So they pay the fines themselves.

This would make it non viable from a pure sue to get rich scheme, but still protect the small and "innocent".

I guess that the outcome of this particular case will establish the new ground rules, so we'll see how it goes.

[ Reply to This | # ]

What Indemnification?
Authored by: Anonymous on Wednesday, January 14 2004 @ 06:16 AM EST
Many may not agree but i wonder why would i need indemnification to something i
legally bought from a known legal company? If i bought a stolen car from a
legal FORD Dealer am i liable for it without me knowing it was stolen? Sorry
Guys but i don't think indemnification is right.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Anonymous on Wednesday, March 17 2004 @ 01:22 AM EST
This whole OSRM business is a money making plan by all that are in direct
support of it. It rides on the fear today, when only SCO has made the only
threats with its lawsuits. Yet, without a Judge's rule, in the IBM case do to
come to some point soon, SCO continues its fear building, and some like these
OSRM-plan folks, are in on a setup to profit from that fear. Illegal if looked
at from the view of "create your market ". What is bad about this,
that the opensource community will not have the control, and, it will cost money
for every time an opensource develper moves, so the OSRM people & investors
will make money to approve the opensource code. Also, code review could also be
code taken. I see the chance that many good oss code ideas will never make it;
take your money and say your not covered, then the oss code is up for bid within
the closed doors of this OSRM operation. I hope to tell the EV1's that trade
with the SCOs and this OSRM that they will not profit in business, if my isp is
one of the OSRM buyers ?, they will not have me long as a customer, and that gos
for all. Take no part in this and stay clear of this trap. Support community
funds as the OSDL and RedHat that do not have a code-review-approval and fee.
The legal funds setup could become great as any need to help the community or
one in any claim in a lawsuit. No need to have these money makers in control to
do that. Let's stay with the community code review, it works well and the
community is in control that they all have done well with.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Anonymous on Wednesday, March 17 2004 @ 01:35 AM EST
Into your own hands. This is BAD news here, and lookout, the OSRM guy has based
this whole OSRM thing on his patent !.
Read on:

[ Reply to This | # ]

The best defense
Authored by: Anonymous on Wednesday, March 17 2004 @ 02:08 AM EST
The best defense is a good offensive.

For example, what if some organization were to acquire or obtain (perhaps by
donations) various PATENTS [but not have any actual business/copyrights so it's
not an easy/obvious target in itself, probably a non-profit].

You make clear that those patents will not be enforced (selectively enforcement
of patents is legally allowable) against say GPL software.

However when some company attacks GPL software, or Linux, you go sue them for
patent infringement on their products, seeking damages and/or injunctions
against further infringement.

I realize many open source people are morally opposed to patents, but somebody
with a big stick as a big deterrent, and a willingness to use it, would go along
way to solving this problem.

[ Reply to This | # ]

Sorry this increases the opportunity for IP scams
Authored by: Anonymous on Wednesday, March 17 2004 @ 02:13 AM EST
I think this idea increases the opportunity for IP scams, and litigation based
on IP.

Say I am some dying company in middle America with a couple of patents.

Without insurance, I can go sue IBM or somebody like that, and embark on a
suicide run -- or I can try and sue end-users with no real hope of getting
significant damages (for starters if I had a patent, the users could simply stop
infringing it, if indeed they are, once they receive actual notice, thus
severely limiting damages I could obtain).

With insurance, I see this big fat juicy fund with lots of money in it. So I go
after one of the insured companies with hopes of getting my hands dipping into
that juicy pie.

The best solution to the problem is not insurance, but to make an example of
these types of leeches.

[ Reply to This | # ]

OSRM To Offer Vendor-Neutral Indemnification -- FORM
Authored by: Anonymous on Wednesday, March 17 2004 @ 08:46 AM EST
The program to do the code review in the OSRM plan, is flawed. The program (
patented ) will only use samples to find any matching code. The samples are
taken from a fixed grid format that the OSRM database uses; this same grid
format is "forced" on all code, so to match the database grid, so
"good samples" can be produced.

The program would be too slow if a complete ono-to-one point of the grid was
made on every line of code; so, the program takes the samples and makes a
"guess" that a match has been found. In Bio-med labs the larger
outcome, of many small test ( samples ), even with uniform standards, makes the
test find go one way or the other. [sometimes its wrong]. Like this program used
by the OSRM, with clear uniform code standards in all code, the matches it finds
could show one way or the other too.[sometimes can be wrong]. The point is;
coding standards by person(s), or company policy, are never going to be the
"same". [How wrong could a match be this way].

This program will, through its database, and its programming, need to have a
full understanding of all coding standards and take a guess on samples that a
code match is not outside these standards. The reserved words of programming
languages, as C++ and C, would the program know how to sample if say, I used C
reserved word in my C++ code and not mistake it for a C code match. The
questions are many and the answers well, are few about this code review program
at the heart of this OSRM plan.

This OSRM sounds more as an "authority" then legal protection. Such
authority should have its legal basis; what authority gives OSRM the legal
ground to even offer such protection at such costs. Each State ( in the US )
should have legal review of this, and within US corp law the buyers and users of
this plan; this OSRM should have to be approved by each State the plan is
offered before the corps will be allowed to buy a policy. The basis of the is on
soft ground, and needs legal State & Government review before anyone or
company buys a "policy". I say report this plan and those putting it
forward to the DOJ in the US, and elsewhere whatever Government legal authority
there. Remember SCO's license; and that SCO is a legal company, selling an
illegal license.

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )