For a year or more now, there have been some attempts to insure risks of open source, mostly attempts to protect against lawsuits claiming intellectual property infringement, such as the SCO lawsuits. Most of this protection has been organized by indivdual open source vendors, such as Red Hat, HP, or Novell.
Now Lloyds is announcing plans to offer wider coverage that is not tied to any particular vendor, in conjunction with an organization called Open Source Risk Management (OSRM). According to an article by Gavin Clarke in the Channel Register:
OSRM will assess both the risk of the software in use and the individual company, before passing on the risk to the appropriate insurance company on the Lloyds market.According to OSRM's web pages, such coverage will go beyond the specific code sold by open source vendors, to also cover code modified by users. That is, it will cover open source as open source, not just as a specific vendor's product.
The biggest intellectual property risk of open source appears to be not any actual intellectual property infringements, which seem to be quite rare, rather the risk of lawsuits just to force an open source using company to have to choose between spending a great deal of money to defend, or paying off the plaintiff. According to the article:
Arguably, one of the worst-case scenarios is the so-called "colorable case" - where there is no substance to an IP claim, but a company is forced to waste millions of dollars to defend the claim or settles early for a large sum to make the case go away. The average US patent action is estimated to cost $2m, according to the American Intellectual Property Lawyers' Association.Even for a large company, a couple of million dollars can be significant. Such sums for a small company can be the difference between profit and loss.
Those likely to threaten companies and users are commercial software vendors and a growing number of specialist organizations that buy IP patents in order to charge users for their use.The kind of protection Lloyds and OSRM are preparing to offer could help make such specialist organizations have to look for a new racket.
Thanks to Martin for pointing out the article.