Insurer launches $10 million open-source policy

Open Source Compliance Insurance should protect against infringements on open-source licenses.

Martin LaMonica
Martin LaMonica Former Staff writer, CNET News
Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT publication InfoWorld.
2 min read
Three organizations have partnered to offer corporate customers some insurance against the legal risks that can stem from the use of open-source software.

Insurance underwriter Kiln, which is a Lloyd's of London division, and Miller Insurance Services on Monday said they will offer open-source compliance insurance. New York-based Open Source Risk Management will be the exclusive risk assessor.

The insurance will cover up to $10 million in damages, including profit losses related to noncompliance with an open-source software license. The policy could, in some cases, cover the cost of repairing code that was found to infringe on open-source licenses such as the General Public License, which is used with the Linux operating system.

The insurers said more than 30 legal claims in the last two years have involved infringements on open-source licenses. In each case, the plaintiffs were able to restrict the use of their code.

"The emerging open-source model of worldwide collaborative technology development introduces novel business risks that traditional insurance products can, but have not, addressed," said Matthew Hogg, an underwriter for Kiln Risk Solutions.

Daniel Egger, CEO of Open Source Risk Management, said many companies inadvertently expose themselves to legal risks when they use open-source software.

In particular, companies may infringe on copyright laws when distributing their own software--which could include open-source products--to business partners or customers, Egger said.

"Allowing people to log on to your database is not distribution. But sending them a CD-ROM with a copy of software that lets them do data analysis on that database would be," he said.

Egger said his firm advises clients how to sidestep violations, which are infrequent. However, more and more corporations are using open-source software. "Open source itself is not separable," he said. "It's hard to imagine an enterprise system without tight links to open-source components."