
Open-Source Insurance

Beatles-Beatles writes to tell us that several insurance agencies have formed a partnership to offer open-source compliance insurance. From the article: "The insurance will cover up to $10 million in damages, including profit losses related to noncompliance with an open-source software license. The policy could, in some cases, cover the cost of repairing code that was found to infringe on open-source licenses such as the General Public License, which is used with the Linux operating system."
This discussion has been archived. No new comments can be posted.

  • Cost? (Score:5, Insightful)

    by DraconPern ( 521756 ) on Tuesday November 01, 2005 @03:37AM (#13921899) Homepage
    So, just like other policies, how much will it cost? $100? $1 million? It's kind of pointless to talk about the $10 million coverage when you don't know how much it will cost...
    • And the flip-side is how much does it cost compared to similar insurance to cover "up to $10 million in damages, including profit losses related to noncompliance with a *closed*-source software license."

      Sounds like this is just people trying to prey on FUD surrounding these licenses.

      An open source license is not that different from a closed source license, in that it gives you certain rights and restrictions with what you do with the software you license. It seems really odd that an insurance policy would

      • Re:Cost? (Score:5, Insightful)

        by bogado ( 25959 ) <bogado.bogado@net> on Tuesday November 01, 2005 @05:20AM (#13922180) Homepage Journal
        In effect, why not make an insurance for people who do illegal trading in the stock market? It is a high-risk business, and can be very lucrative. Or maybe another illegal trade: the drug market suffers from losses from apprehensions by the police; maybe there should be an insurance to help those people also.

        I for one want an insurance against the RIAA, MPIAA. They are known to make scapegoats and fine them for the loss of "millions of dollars". This insurance would be highly lucrative, since only a very small fraction of people do get to be fined and the market for it is huge (or at least RIAA and MPIAA have been saying so).
        • Re:Cost? (Score:3, Informative)

          by khallow ( 566160 )
          In effect, why not make an insurance for people who do illegal trading in the stock market? It is a high-risk business, and can be very lucrative. Or maybe another illegal trade: the drug market suffers from losses from apprehensions by the police; maybe there should be an insurance to help those people also.

          There are several reasons not to. First, since the person was engaging in illegal activities, then the odds are that the premiums paid to the insurer were illegally acquired and may be seizable. Second, t

        • Insurance doesn't insure against willful bad acts. Like I have homeowner's insurance on my house which covers, among other things, fire. However if I deliberately set fire to my house, they aren't going to give me anything, that's excluded.

          I imagine GPL insurance is the same way. If you accidentally violate the GPL (which is possible, maybe an employee does it and you don't know, maybe the place you got the code from forgot to say it was GPL'd) they'll pay you what it costs to fix the mistake. However if you
          • I have been involved in a number of GPL violation cases. None were intentional. All were incredibly stupid. Mostly they had to do with engineers and technical managers not knowing what to ask their lawyers or not having sufficient access to lawyers. When you produce a product for money, there is a due-diligence requirement that many engineering companies don't trouble themselves with.

            If you think infringement of Open Source licenses is a problem, it's even worse with proprietary products. Embedded systems

      • by mpe ( 36238 )
        And the flip-side is how much does it cost compared to similar insurance to cover "up to $10 million in damages, including profit losses related to noncompliance with a *closed*-source software license."

        Or "accidental" software piracy in general.

        An open source license is not that different from a closed source license, in that it gives you certain rights and restrictions with what you do with the software you license.

        Actually no, since open source licences are virtually always based on the provisions of cop
        • Many Open Source licenses are contracts, even though they are based on copyright law. The GPL purports to be a straight copyright permission because RMS didn't want to remove any rights you already had, but it includes words like "you agree" and thus it's not entirely clear that it is not a contract. No court has ruled either way.

          Insurance doesn't protect you from violating the law wilfully. A number of commenters seem to be missing that. OSRM is not in the business of issuing a license to kill :-) Indeed

    • The real question is what other things you can package with it, and if they give you a discount for buying a package. Obviously GPL insurance isn't enough.

      For instance, do they sell giant robot attack insurance as well? I feel it's important to be protected from the ever present threat of robots [uncyclopedia.org]. And this is only one of the many kinds of insurance that I'll need from them.

      I'm certainly also going to need spontaneous existence failure insurance for all my stuff, werewolf treatment insurance for if I get bi
    • Re:Cost? (Score:3, Insightful)

      by 4of12 ( 97621 )
      how much it will cost

      Indeed, how much?

      I've always felt that indemnification against inadvertent use of someone else's "Intellectual Property" in free or open source software was a response to what amounted to a FUD campaign to discourage potential users from migrating away from a perfectly functional cash cow.

      If I'm right, the price the market will bear for this sort of insurance won't be very high.

      OTOH, I could envision a scenario where:

      • Large enterprises embarking on a larger scale rollouts of FOSS i
      • The initiators of litigation could, of course, come from the ranks of those who stand to lose the most by more widespread adoption of FOSS, or from agents acting on their behalf.

        With this particular product, the initiator would have to be the copyright holder on the software. That person is the Open Source developer.

        Are you confusing this with the patent issue? That is a much more serious issue, and maybe one OSRM can cover in the future. But this product does not cover that.

        Bruce

    • by PCM2 ( 4486 )
      It has been quoted elsewhere [eweek.com] that the cost is roughly 2 percent per million dollars of coverage. So, $2 million coverage would cost you about $40,000 per year. That money can be paid out in different ways under different circumstances, and each client is expected to negotiate a plan and premiums that best suit its own situation.

      Note: I am not affiliated with any of these people or this insurance plan, but I have heard the full-length pitch.
  • FUD? (Score:5, Funny)

    by griffinn ( 240043 ) on Tuesday November 01, 2005 @03:38AM (#13921902)
    Much better to take on an insurance against SCO [eweek.com] than this FUD disguised as "insurance".
  • by ejito ( 700826 ) on Tuesday November 01, 2005 @03:39AM (#13921906)
    Is the GPL (or other open source licenses) that complicated that you just can't hire (or task) someone to review your development practices to be in accordance?

    Well, it's Lloyd's of London subdivision offering this (the same people who insure body parts), so it's probably more publicity than anything.
    • Mod parent up, ejito got the point.

      Maybe it is targeted at people who absolutely want to keep any risks down to a minimum, including the risk of not reading / translating correctly / obeying the license.

    • by Kjella ( 173770 ) on Tuesday November 01, 2005 @04:32AM (#13922056) Homepage
      I think it's more of an "employer vs company" problem. Employer lifts GPL code without license, company includes it in their code base, company gets sued by copyright holders. Statutory damages get nasty fast, so this is more like malpractice insurance for a clinic.

      The moment it becomes willful and for commercial gain, it is a criminal offense. So if any company wants to try to use this to get away with copyright infringement, they'd better hide their tracks good because now they have an insurance company looking to get out of a claim.

      Anyway, I'm sure there's the odd case of some minor penalties here and there, but I think this one is way ahead of the market. Why would you insure yourself against something that I don't know a single big case with millions in damages over an OSS product. Do you?
      • Hmm, I would think that an employer competent enough to be able to sort through and understand a large open-sourced project would be competent enough to program (or at least switch around) their own code. It would also mean that either the programmer is making the design, or that the open source project has a very similar design to his/her own project. It becomes increasingly harder to prove code was stolen for smaller pieces of projects.

        On top of that, assuming these projects aren't open-source themselves
        • Ok, both you and the grandparent post need to learn the difference between employer and employee, they're two different words, ok? That said, how do you find out if someone is violating your copyright? Why, you hire a lawyer, go to a judge and get a civil order to seize their source code repository. You then hire some nice big beefy "security" personnel and you go over to their office and take it. Yes, believe it or not, civilians have the power to seize property in the process of investigating a civil l
        • by LordNightwalker ( 256873 ) on Tuesday November 01, 2005 @06:06AM (#13922290)

          On top of that, assuming these projects aren't open-source themselves -- how are OSS groups able to know that companies are stealing their code if OSS groups can't review the code itself?

          Sometimes it's possible to deduce this from looking at the compiled code. Especially with libraries. Now I'm not an expert on the issue, but cases of closed source vendors getting caught in the act of including opensource portions in their product have been discussed often enough here on slashdot, so I find it odd that you seem to be unaware of this.

      • "The moment it becomes willful and for commercial gain, it is a criminal offense."

        No, it's a civil offense. It's copyright infringement. The very offense so many around here hate. Ironic, isn't it?
    • by Anonymous Coward
      There's no such thing as a Lloyds division or sub-division, which indicates the author of the original article doesn't really understand what they're talking about. The Corporation of Lloyds is an insurance market in which syndicates, such as Kiln, offer underwriting services. A Lloyds syndicate underwriter will underwrite pretty much any policy in their general area offered them by a broker ... at the right premium.
    • Then again, it's the same people who started selling insurances ...
    • Well, you can hire me to review your GPL compliance. And you are right that the main way to manage this problem is with training. The real problem is that engineers and technical managers think they are soldering parts together when in actuality they are creating derivative works out of someone else's intellectual property. Of course, there is some resistance when we try to get them to think about it that way :-)

      If you buy this product, you have to assure OSRM that you are in compliance. They don't give you

  • Then and now (Score:5, Interesting)

    by Flyboy Connor ( 741764 ) on Tuesday November 01, 2005 @03:47AM (#13921932)
    Then: Big company thinks of stealing open source code for their products, but refrain because they are afraid of legal consequences.

    Intermediate: Insurance company knows that no open source developer has the money to sue, even if they would be able to discover that their code had been stolen.

    Now: Big company takes insurance and starts stealing open source code, because they feel there is no legal risk anymore.

    In the end: Open source developers get screwed once again and the only people getting rich over it are the lawyers. Nothing new here.

    • Re:Then and now (Score:4, Insightful)

      by PSVMOrnot ( 885854 ) on Tuesday November 01, 2005 @03:58AM (#13921964)

      "Now: Big company takes insurance and starts stealing open source code, because they feel there is no legal risk anymore."

      I think you need to add a line in there between Now and In The End. something like this:

      Next: Someone finally sues Big company over the infringement, and Big company finds that due to some small print they aren't covered. (ie: a clause saying they can't knowingly be involved in infringing activity)

      Insurance companies will try to avoid any sort of payout, even^H^H^H^Hespecially if they know they are blatantly in the wrong.

      (IANAL, but I was in insurance briefly)
      • Mod parent up! You cannot offer insurance against prosecution for doing something illegal. You can offer insurance that covers _investigation_ costs, but not to cover the fine or the impact of any sanctions if the claimant is convicted.
      • Not forgetting that even if the insurers *do* pay out, it's quite likely that the company's premiums will go up. In fact, claim too often and you'll generally find it very hard to get insurance.

        As you say, insurance companies *hate* paying out.
      • "Big company finds that due to some small print they aren't covered. (ie: a clause saying they can't knowingly be involved in infringing activity)"

        That's not small print, that's common sense.
    • Re:Then and now (Score:2, Insightful)

      by Crouty ( 912387 )
      Authors of GPL'ed software won every license trial so far AFAIK. Either this insurance company insures companies that don't need an insurance or it will pay. I don't think this insurance company is going to last very long.
      • if by "trial" you mean "claim settled out of court" then yes. We're continually told that no GPL-violation has gone to court. I'm willing to hazard a guess that this is because the holders of GPL covered copyrights are willing to settle for "stop doing that and promise not to do it again." As soon as they start demanding a settlement that actually includes cash amounts up to and exceeding the cost of fighting it in court we'll actually have a hearing. Of course, at this point you might be thinking that
      • I don't think this insurance company is going to last very long.

        Lloyds of London was founded in 1774 and will be raking it in long after your death. Thanks for the chuckle though.

    • You definitely have a good point there... I have to wonder how the Google factor will contribute to this?

      ===

      Google is contributing vast sums of money to the open source community and greatly diversifying their markets...

      I have to wonder if Google put up some legal dough for open sourcers...

      It makes them appear benevolent to the open source community and hurts their eventual competition if they do start stealing code...

      ===

      Likewise, perhaps they may be able to set some sort of investment precedent, since the
    • Other possible step: Open source developers sue (with the help of the EFF), and Big companies pay big money instead of stopping distribution or GPLing their code (that's what they paid the insurance for).

      In the end: Open source project has lots of money for hiring full time developers, bug chasing competition, etc.

      Of course, I'm being optimistic, but who knows...

    • You wrote: Insurance company knows that no open source developer has the money to sue

      And that is why the American legal system has a contingency fee option. Yes, it is maligned in the press and by much of popular opinion. But yes, I am glad we have it.

      Instead of requiring "the little guy" (in this case an open source developer) to have the cash himself to hire a legal team and pursue recourse in the courts, he can present his case to a firm that will represent him for a percentage of the recovery. T
    • Now: Big company takes insurance and starts stealing open source code, because they feel there is no legal risk anymore.

      Hopefully: Big company finds themself facing a criminal prosecution for their copyright infringement. Plus "statutory damages" for each action. With their insurance claim rejected, because they don't insure crooks.
    • Actually, insurance doesn't work that way. First, you have to justify your own processes to your insurer, because if you run a slipshod operation that is likely to generate an insurance payout, they don't want you as a customer.

      Second, if you are about to go to court with an Open Source developer, the insurer is going to want you to settle with that developer. It's cheaper than going to court. Are you an Open Source developer, and you don't have money to enforce your copyright? You can get a lawyer to figh

  • Accidental? (Score:5, Insightful)

    by Anne Thwacks ( 531696 ) on Tuesday November 01, 2005 @03:50AM (#13921941)
    Do they also offer insurance against "accidentally" selling your soul to the devil?

    Any person in any corporation buying this should be subject to instant dismissal. If you are a shareholder in a company that buys this, then you should sell your shares immediately, as it is clear proof that the management is corrupt or incompetent.

    The Institute of Chartered Accountants should be expected to recognise it as a symptom of malpractice, and if auditors fail to recognise it as such, then the auditors are also guilty of malpractice.

    • Re:Accidental? (Score:5, Insightful)

      by Zog The Undeniable ( 632031 ) on Tuesday November 01, 2005 @04:15AM (#13922013)
      It's common to take out indemnity policies against the possibility of future legal action where all steps have been taken to try and resolve the issue beforehand. A real estate example would be where a new access road crosses a strip of land, the owner of which is unknown and cannot be traced after an exhaustive search. A policy is put in place to pay $m if the owner ever appears and wants paying for the "ransom strip" or threatens to build a wall along it.

      Now if the buyers of the policy KNEW there was copyright SCO code in the software then no, they shouldn't expect the policy to cover them and I'm sure the T&Cs make that clear.

      And yes, I am an auditor.
      • "It's common to take out indemnity policies against the possibility of future legal action where all steps have been taken to try and resolve the issue beforehand."

        What makes someone think they can build a road across someone else's property? I know there's all that adverse possession stuff - in order to obtain property that way, you basically have to be openly trespassing for a while (10 years I think in MI). So you propose that software (or any copyright and perhaps patents) should be handled the same way

      • I guess I shouldn't be baffled about the level of ignorance Slashdot readers have about what this policy is all about and why companies insure things.

        If a company built a warehouse and then decided to get the property insured, would that be evidence of some kind of criminal intent?

        If an auto manufacturer buys insurance against wrongful personal injury claims, does that make it an evil company that's in the business of building cars that will injure people?

        No. Businesses buy insurance the same way you buy he
    • There are several ways where GPL code can enter a company against the intent of the company. What is the contractor doing to which you outsourced a development project? Outsourcing may mean that you end up with bad code in more than one way.
      It is possible to use GPL code inside a company in specific ways. What are the financial consequences of an honest engineering or management mistake, like distributing an "internal use only" application to a business partner?
      A well run business can keep the risk that the
      • Re:Accidental? (Score:3, Insightful)

        by bit01 ( 644603 )

        There are several ways where GPL code can enter a company against the intent of the company. ...

        There are several ways where any licensed code can enter a company against the intent of the company. ...

        ---

        Marketing talk is not just cheap, it has negative value. Free speech can be compromised just as much by too much noise as too little signal.

    • The problem with this is that Managers, or even same-level code reviewers, cannot be expected to be able to trawl through code to check for open-sourced code. Once the licence text is removed (and perhaps the code is tweaked to look more like the in-house coding practices) it's incredibly difficult to check that some unethical coder isn't stealing GPLed code, although the consequences could affect the whole company.

      I believe this is the point of the insurance, but I could be wrong.

      • The problem with this is that Managers, or even same-level code reviewers, cannot be expected to be able to trawl through code to check for open-sourced code. Once the licence text is removed (and perhaps the code is tweaked to look more like the in-house coding practices) it's incredibly difficult to check that some unethical coder isn't stealing GPLed code, although the consequences could affect the whole company.

        There's nothing which makes GPL code special here. The only thing is that likely to be some
        • Technically, there's no difference, no. But the point here is that GPLed/other open-sourced code is considerably easier to find, due wholly to its openness. Since most proprietary vendors don't tend to give out their source (and if they did, without an NDA, it may well actually be covered by this), it's considerably more difficult to steal.

    • Do they also offer insurance against "accidentally" selling your soul to the devil?

      Sure they do. Enjoy! [catholic-pages.com]
    • Over time, IP infringement litigation will occur. This is not an actuarial risk, it is a mathematical certainty. Software patent holders have many tens of billions of dollars of market value at risk here, and as open source continues to gain traction in higher innovation categories (DBMS, AppServer, Web Services etc.) they have a fiduciary responsibility to shareholders to fight back with everything they can, including their IP portfolios. $10M of IP infringement insurance provides a token prize pot for t
    • Do they also offer insurance against "accidentally" selling your soul to the devil?

      You will have to go to church for that one.
  • Arabian Camel Trains (Score:2, Interesting)

    by rheotaxis ( 528103 )
    The merchants in camel trains would each pool a little bit of money to cover the loss of any one trader's camel and goods. If no one lost any goods, the money was returned to each merchant. Today's insurance companies don't return your money if no one ever files a claim. What's up with that?
    • by mumblestheclown ( 569987 ) on Tuesday November 01, 2005 @03:58AM (#13921962)
      Sigh. Today's insurance companies also have to pay more if everybody's camel dies.

      Insurance is about transference of risk. You pay the insurance company to assume the risk for you.

      Now that that's covered, tomorrow, we'll learn "how to tie your shoes" and "eating with a spoon."

      • You are technically correct, but not complete.

        Really, you pay the insurance company to assume a small portion of risk, the rest of your payment goes to other larger insurance companies to re-insure the company you pay to, and anything left over goes towards litigation of claims and lawyers.

        The real problem with Insurance companies is that they have so much clout in the legal system and political system, that it's virtually impossible for new insurance companies to enter the fray. It's a market without REAL co
        • by Kjella ( 173770 ) on Tuesday November 01, 2005 @04:53AM (#13922112) Homepage
          Really, you pay the insurance company to assume a small portion of risk, the rest of your payment goes to other larger insurance companies to re-insure the company you pay to, and anything left over goes towards litigation of claims and lawyers.

          This isn't exactly new. If we keep it up with the OP, reinsurance would be a bunch of camel trading groups getting together, so if one group got hit by horrible weather and many in their group died, they'd claim against the whole co-op. It has to work this way. Imagine being a south-asian insurance company without reinsurance when the tsunami hit, they'd have to file for bankruptcy immediately and hardly anyone would get their claim. The rest? "Well your camel was old and weak" "You didn't treat that wound properly, it's your fault it got infected". There's always trouble like that, and perhaps even insurance fraud (making sure it dies on a well-insured trip).

          Around here there's no law against non-profit insurance companies, but all the major ones are commercial. I mostly prefer it that way, because they have the right incentive to make sure every claim is legitimate and that people pay according to the risk they contribute (every customer should be "profitable", on average). There are some bad with the good, but overall I think a non-profit company would be relying too much on honesty and solidarity to deal with people abusing the system.
      • Now that that's covered, tomorrow, we'll learn "how to tie your shoes" and "eating with a spoon."

        I find your ideas intriguing and wish to subscribe to your newsletter.

    • by patio11 ( 857072 ) on Tuesday November 01, 2005 @04:11AM (#13922000)
      If you never filed a claim under the camel system, you still didn't get your money back if *someone else* filed the claim. Now extend the camel system to cover 400,000 camels for a small insurance firm. And furthermore, one unlucky camel every year doesn't just get lost, he gets ordered by a judge into the custody of a third party along with 99 camels that that trader doesn't own, with the lawyer getting forty of them on contingency fee, because the camel stamped on some idiot's foot after the idiot tried to fit him through the eye of a needle in a fit of curiosity.
    • Because Arabian camel drivers made their money from the goods their camel was carrying, but modern insurance companies make their money from the leftover funds in the pool after they pay out for all the dead camels. Of course they're going to keep all of it!
    • The Arabian camel trains were a form of self-insurance pool: the members agreed to pool losses, if any. You can be assured that they did not agree to pool their collective profits, however.

      We have self-insurance pools today, as well. They function in much the same way: all members share proportionally in any loss, so if there are no losses, then nobody pays. The downside is that all members of the pool could simultaneously lose all of their assets in the event of a catastrophe.

      We also have Mutual insura
  • bad idea (Score:2, Insightful)

    Insurance works on the *cough* law *cough* of averages, different shocks affect different people so a single shock can be covered by the insurance company for far less than the cost of said shock. There is not enough diversification in something like this. If there are developments against the GPL or a very popular software pack gets into strife (openoffice or such like), then there are huge liabilities that the insurance company can't meet and everyone sinks. Just how does one determine the profit losses f
    • If there are developments against the GPL or a very popular software pack gets into strife (openoffice or such like), then there are huge liabilities that the insurance company can't meet and everyone sinks.

      Not the way Lloyd's of London works. It's not a single company; rather, it's a whole bunch of companies that can syndicate the risks of various insurance products across the whole. It is, in essence, a marketplace. The umbrella Lloyd's of London company also takes a certain amount of money from each u

  • This JUST happened? (Score:3, Informative)

    by caenorhabditas ( 914198 ) on Tuesday November 01, 2005 @04:35AM (#13922064)
    I seem to remember interning for (ironically enough) an insurance company's IT department a few summers ago and hearing about how they took out liability insurance on pretty much all of the open-source tools they used. This even included things like Perl, where the chances of being sued are fairly small, just to be absolutely sure. Furthermore, it sounded like they'd been doing this for a while.

    I suppose that their policies might not have covered the costs to get it into compliance and other such expenses. Still, I'm sure that huge companies like IBM have been careful to insure against such possibilities for years. It would be foolish for them not to.
  • by zcat_NZ ( 267672 ) <zcat@wired.net.nz> on Tuesday November 01, 2005 @04:37AM (#13922072) Homepage
    What businesses REALLY need is insurance against Microsoft (and other BSA member companies) licence violations.

    SERIOUSLY

    Because for any reasonable-sized organisation it is very expensive to do a license audit, and almost impossible to be sure that you're completely in compliance. Many businesses have found that it's easier and cheaper to just buy a completely new set of licenses than try and figure out if the ones they already have cover everything they're running.

    And because if you're not in compliance, even by just a little bit, you _will_ get hit with substantial fines which cost a LOT of money to fight that in court.

  • by Max Nugget ( 581772 ) on Tuesday November 01, 2005 @05:10AM (#13922156)
    There is indeed such a thing as "accidentally" infringing on open-source code licenses. You see, while the individual developer who copies the code is usually aware of its legal encumbrances, it would be quite easy for the corporation's management, board of directors, and shareholders to be unaware of the legal deathtrap the lowly developer employee is leading the company into. And lest we remember, it is the CORPORATION that would be found to have infringed the copyright, not the employee. The corporation would face responsibility for what its employee did. From this perspective, having insurance against such things might not be such a bad idea.

    And by the way, I would wager to bet that a non-trivial percentage of employed developers are unfamiliar with the specifics (or fundamentals) of the GPL and other common licenses. Also, there are many scenarios in which miscommunication between employees and management could lead to unintentional use of open-source code. Who knows, maybe an employee is even deliberately trying to get the company into hot water.

    Someone else here mentioned that this kind of insurance would make it easier for bigger companies to violate open-source licenses, since they'd be shielded from any legal damages. In response to that, allow me to introduce you to the phrase "Insurance fraud." Don't think for a second that these insurance companies won't be carefully poring over company documents, correspondences, etc, to make sure the infringement was indeed "accidental" in whatever sense the word becomes defined as.

    As someone else said, probably the only question is whether these companies can speculate the open-source-infringement-lawsuits world accurately enough to stay profitable. It seems to me that's easier said than done, but I do think the idea makes sense in theory at least.
    • A correction: I misinterpreted the point of a previous post, which said: (sorry for not replying directly to the thread, but my original post only mentioned the OP in passing)

      Now: Big company takes insurance and starts stealing open source code, because they feel there is no legal risk anymore.

      In the end: Open source developers get screwed once again and the only people getting rich over it are the lawyers. Nothing new here.


      I still disagree with that, though.

      Firstly, if they intend to trick the insurance co
    • My question is, why is this open-source specific? I've been looking into professional indemnity insurance lately, and the policy backed by the Australian Computer Society (a voluntary IT professional organisation) includes insurance against inclusion of copyrighted code into your product.

      Nothing about Open Source copyright makes it any more risky than any other sort of copyright. Why is there insurance *specifically* against violating Open Source copyright?
      • Nothing about Open Source copyright makes it any more risky than any other sort of copyright. Why is there insurance *specifically* against violating Open Source copyright?

        Well, maybe the fact that it's trivial to get your hands on open-source code, as opposed to closed-source code from other companies' products, which you'd probably have to break some more obvious laws to get your hands on in the first place.

        Also, the fact that (to those who don't understand open-source licenses) it's common to mista
    • There is indeed such a thing as "accidentally" infringing on open-source code licenses. ...

      There is indeed such a thing as "accidentally" infringing on any code licenses. ...

      ---

      Keep your options open!

  • So, when can we get insurance for accidentally violating the DMCA while trying to fairly use our hard-earned media?
  • Suppose an organization made it a business objective to

    * reward those who find GPL or other copyleft violations

    * sign up copyright holders for limited power of attorney to handle said violations

    * negotiate with the violator

    * secure settlement monies

    * pay themselves, the copyright holder, the finder, a portion to FOSS organizations......

    There is a distinct possibility that lots of commercial code companies are thumbing their noses at copyleft licensing because they are under the impression that it's too much
  • Students (and everybody else) should be taught that it's NOT a crime to borrow from your betters if you give attribution ('provenance' for software and/or other intellectual property.)

    In those cases where you're supposed to do original work, like doctoral theses and the like, you're definitely NOT allowed to borrow.

    But for the rest of us, who don't have any interest in being original in the first place anyway, we should be encouraged to provide attribution. Like paid for however much we saved our employer in
  • Of course, in a twisted sort of way, offering insurance for open source software gives the impression that there is something "wrong" with OSS, and that it contains infringing code. So, while large business may either take on the risk or buy the insurance, home users or small to medium-sized business may avoid OSS because of the perceived "risk" (especially uneducated users or PHBs). So, by offering this insurance, there's another perception that open source software is "risky". I've been using OSS for yea
  • microsoft...

    If you know how much it is going to cost you in the event you get busted, allowing for this, you can determine how worth it, it will be to risk such an endeavor.

    Now if you can make the cost of getting busted reduced even further then you will have better opportunity to profit over this unfair (anti-trust was named that for a reason) practice expense to you (should you get caught).

    Now, with all this, if you can gain 100 million in income in exchange for, at worst, a 1 million dollar cost (should
    • Thank you to everyone for the healthy and extended discussion of Open Source Compliance Insurance. It's always exciting to see the level of energy and scrutiny that the Open Source community applies to new offerings. It keeps everyone honest :-))

      I wanted to clarify and explain a few things about the offering, which BTW is officially underwritten by Kiln and sold by Miller; OSRM is not an insurance broker. We are an Open Source risk consultancy.

      First, let me respond to the idea that insurance encourages

      • I'm not sure I understand what/who is being protected with this insurance.

        But regardless of that, there is the matter of "UNEXPECTED events"..... with nature there can be unexpected events due to our limited understanding of nature, and in the physical world there can be unexpected human events such as unintentional traffic accidents, again due to a lack of knowledge or applied knowledge.

        Hmm, is this open source insurance along the lines of uninsured motorist insurance?

        But regarding "Unexpected events" in the are
