The insurance would protect customers against lawsuits that might be brought by SCO, which claims ownership of underlying Linux intellectual property, and has already sued two Linux users. The insurance would also protect customers against other intellectual property claims.
The company will charge about $30,000 per $1 million of insurance coverage. The program is designed for medium-sized and large Linux users, and will be available by the end of May.
"Frankly, we don't think small companies need coverage at all, because they don't have deep pockets. This is more for medium-sized and large companies, for whom a $3 million or $4 million lawsuit could be a big problem," said OSRM chairman Daniel Egger..
OSRM's initial protection covers only the kernel, but OSRM plans to expand that coverage to include the major distributions, major third-party open source applications, and even custom code that individual customers would first submit to OSRM for review. Before indemnifying users of code, OSRM first reviews the code for intellectual property violations. OSRM will initially focus on Linux, Apache, MySQL and PHP, the most popular open source software, frequently used in web applications and known among developers as the "LAMP stack."
The company has run internal analyses of the Linux kernel Versions 2.4, which is the most current kernel in common use, and 2.6, which is the most recently released kernel. "We are satisfied that we can't find any copyright infringements, therefore we are going to be certifying it as clean, for purposes of our own indemnification program," said OSRM chairman Daniel Egger.
Protection for the kernel will likely be sufficient to protect Linux users against action filed by SCO, which is - at least for now - only claiming ownership of intellectual property for code contained in the Linux kernel, said open source consultant Bruce Perens, an investor and director in OSRM.
OSRM recommends maximum coverage should be equivalent to one year of a company's Linux-related spending, including software, hardware, services and staff.
SCO is "not opposed" to OSRM, said SCO spokesman Blake Stowell.
Stowell said he recommends that companies concerned about being sued by SCO should purchase an SCO Intellectual Property License, which grants SCO's permission to run Linux. The license is priced at $699. "Certainly, we think that license is cheaper," Stowell said.
But Egger noted that the SCO license only protects companies from lawsuits filed by SCO, not possible future lawsuits filed by other parties.
Protection is being offered in reaction to SCO's lawsuits against Linux vendors, including IBM, Novell and Red Hat, and users AutoZone and DaimlerChrysler.
OSRM is not the first company to offer risk indemnification. The Open Source Development Labs, Red Hat and Novell are all offering financial protection to Linux users who might be sued. IBM says it doesn't see any need, noting that it is part of the OSDL effort.
OSRM says its coverage differs from HP's, Red Hat's and Novell's in that those vendors are only covering their own Linux distributions, while OSRM covers any Linux distro.
OSRM is also launching a program for the 1,500 companies that last year received letters from SCO warning them they are in violation of SCO's intellectual property rights, Egger said.
"As you know, you can't buy insurance from anyone, not even from OSRM, if you've already been threatened by a lawsuit," he said. But OSRM has assembled a panel of intellectual property defense litigators who have pooled information and will provide that information to help companies defend against a lawsuit. The service costs $100,000 annually, and is available now.
"The companies can keep the lawyers they already have. They don't have to pay the lawyers to come up to speed on this case, which is highly, highly technical," Egger said.
OSRM is also making a program available for contributors to the Linux kernel. OSRM will launch a telephone hotline for developers who wish to discuss legal issues with members of the legal advisory council. Developers can discuss what kind of documentation they should get from their employers to prove the employer has no financial interest in code the developer is contributing to open source projects. OSRM will also provide $25,000 for legal defense coverage if the developers get sued by name - which, Egger said, he finds highly unlikely. The program for developers will be available within the week.
OSRM is analyzing source code for possible intellectual property violations using a combination of automated tools, and human review.
Among the researchers working with OSRM is Pamela Jones, author of the popular weblog about the SCO lawsuit, Groklaw.net. OSRM has given Jones a grant to help her run Groklaw, but it is not providing her a salary or controlling Groklaw editorially, Egger said. OSRM said it also may use Jones's professional services in the future; she is a paralegal contractor, meaning she does legal research professionally.