Open Source Risk Management Inc. released the results of its study on Monday, the opening day of the LinuxWorld trade show in San Francisco. Patent attorney Dan Ravicher, senior counsel for the Free Software Foundation, which promotes the use of free software, conducted the research.
The study identified 283 software patents that could potentially be used to support claims against Linux, an open-source operating system that's distributed for free. Linux is the center of a pending multi-billion-dollar copyright infringement suit filed in 2003 by SCO Group Inc. against IBM.
Of those patents, a third are owned by companies that support the use of Linux and are unlikely to take legal action, Open Source Risk Management said. Those companies include Cisco Systems, Hewlett-Packard, IBM, Intel, Novell, Oracle, Red Hat, and Sony.
Of the remaining patents, however, 27 belong to Microsoft, which is an outspoken opponent of Linux. The rest belong to companies or individuals who would have little to lose in making legal threats against Linux users in the hopes of reaching lucrative settlements, Open Source Risk Management said.
However, some analysts aren't convinced that users face a major legal threat from Linux, pointing to a recent court decision to throw out most of a lawsuit filed by SCO against DaimlerChrysler and another separate decision to delay a suit against auto parts retailer AutoZone Inc.
Vendors distributing Linux in products are the more likely targets, not their customers.
"It would seem that if there's a truly major patent issue with Linux, then it's primarily the vendors that will have to deal with it," said Gordon Haff, an analyst at market researcher Illuminata. "The consequences, however, could percolate down to the end user in the form of having to make changes to code and versions of the operating system to stay in compliance with requirements (handed down by a court)."
While such changes to a company's IT system would be disruptive from a business operations standpoint, the damage couldn't be lessened by insurance, Haff said.
Open Source Risk Management, on the other hand argues, that SCO's actions have opened a Pandora's box of potential legal problems, and there's no way to tell how the courts will rule on patent and copyright issues related to Linux use. The company points out that while companies usually protect customers against patent suits related to proprietary software, Linux backers such as IBM and Red Hat are only offering limited protection.
"It's not clear if anyone would step in" to protect Linux users, Ravicher said. "It's kind of like brushing your teeth. Do you brush and floss before you have cavities, or do you wait to see if they form?"
On average, it costs companies $2 million to $4 million to defend against patent lawsuits, Ravicher said. The lawyer, however, acknowledged that there haven't been any successful patent suits stemming from the use of open-source software.
In addition, no patents that have been validated by a court were among the 283 identified by Open Source Risk Management. About half the patents challenged in court are found to be invalid.
"It's going to be up to businesses to decide the risk they want to prepare for, and the risk they want to handle themselves," Ravicher said.
Open Source Risk Management plans to offer up to $5 million in coverage for legal costs associated with patent and copyright claims, for an annual premium of about $150,000. The policy is available now, but won't take effect until January.