March 17, 2004 6:30 AM PST
Start-up offers shelter to SCO targets
New York-based Open Source Risk Management launched a consulting service on Wednesday that is geared toward helping companies minimize legal risks. In four or five weeks, it also intends to offer an insurance-like service to pay legal costs if those companies get sued, said Daniel Egger, Open Source Risk Management's chairman.
Although companies including Hewlett-Packard, Novell, MontaVista Software and Red Hat have begun offering some legal protections to buyers, they aren't sufficient, Egger said. In particular, their guarantees don't apply if a customer modifies the software, a practice Egger believes is common among heavy-duty Linux users.
"SCO has brought home to users that there was a structural weakness in the open-source business model," Egger said in an interview at the Open Source Business Conference here. "There's no one company to stand behind the code base and protect users in case they get sued."
Open Source Risk Management isn't the only one to see an opportunity. Black Duck Software offers tools to let software companies identify proprietary and open-source software in their products so they can make sure they aren't violating any license terms.
And the legal implications of open-source software are gaining interest. SCO, a company that bought Unix intellectual property in 2001 and asserts ownership of Unix copyrights, argues that Linux infringes its Unix intellectual property and is suing Linux users, as well as IBM, in the matter.
"In the last several weeks, my phone has rung off the hook with in-house counsel calling," said Mark Koehn, an intellectual property attorney with Shaw Pittman, who provides advice on open-source issues and who spoke at a panel on intellectual property issues at the conference. Those lawyers who call him are "used to dealing with traditional licensing issues," but now they tell him, "'I just found out we're running Linux, and people are getting sued. Tell me about this,'" Koehn said.
It's those legal issues that Open Source Risk Management is seeking to profit from. The start-up is based in New York and has an office in Durham, N.C., where Egger's venture capital fund, Eno River Capital, is based. The start-up has five employees and 10 consultants right now, Egger said.
Start with the kernel
The company will start with legal protection for users of the Linux kernel--the heart of the operating system--plus some still unspecified amount of higher-level software, Egger said. To do so, the company will maintain a certified repository of certain open-source software and will indemnify companies using that code, up to a predetermined limit.
The service will offer a certain amount of financial protection to customers for legal costs incurred by copyright claims. The cap in dollar terms for patent cases will be lower, because there is more uncertainty in patent law, Egger said.
Open Source Risk Management buys insurance itself to back up its own offering, Egger noted.
Asked whether Red Hat, Novell or others could extend their protections to encroach on his company's business, Egger said: "They can join us. It would be in their interests to do so." He added that Open Source Risk Management is in talks with some technology suppliers about such alliances. "The rational thing to do is work cooperatively," he said.
Egger got the idea from considering a hedge fund that would invest on the assumption that SCO would fail in its suits. Once he decided that such a fund wasn't a financially viable route, he changed course toward a risk-hedging service.
To help in the effort, Egger said, he hired legal researcher Pamela Jones, who also operates the Groklaw Web site that is popular with Linux fans for its coverage of SCO's machinations. Through the partnership, Open Source Risk Management will be able to tap into a Unix timeline that Jones will produce with the help of 400 volunteers, including some original Unix authors, Egger said. The timeline will trace Unix's source code and licensing history, Egger said.
Initial customers will likely be larger companies such as those who have received letters from SCO warning that it believed Linux violates its Unix intellectual property. But smaller companies will follow as SCO expands its list of targets, Egger predicted.
"I'm pretty much counting on lots of innovation in plaintiffs' lawyers' tactics," he said.