Kiln plc, a Lloyd’s of London underwriter, Miller Insurance
Services Limited, a Lloyd’s broker, and risk assessor Open Source
Risk Management (OSRM) of New York, are working together to offer
the product.
Open Source Compliance Insurance, as the policy will be called,
claims to be the world’s first policy to cover the specialised
risks faced by enterprises that include or rely upon elements of
Linux and other open source software in their commercial products
or internal IT infrastructure.
With open source software, the source code is made available for
use or modification as users or other developers see fit. It is
usually developed as a public collaboration and made freely
available, but comes with a licence detailing the conditions of
use.
The most famous of these licences is the GPL (General Public
Licence), which is used for many free software projects, including
the Linux operating system kernel. The GPL licenses software free
of cost but requires any re-distributor to provide the full source
code and a copy of the full licence text.
According to Kiln, Miller and OSRM, in the last two years there
have been more than thirty legal claims involving infringement of
open source licences around the world. In each case, plaintiffs
have prevailed in enforcing their rights to restrict the use of
their code.
A common risk faced by firms is the development of
proprietary software, such as trading tools or inventory management
applications, using one or more open source software components.
Simple actions like making these tools available on an extranet, or
sending them to external partners or suppliers, constitute
"distribution" under a GPL licence and require a company to open
source that proprietary application, making it freely available to
competitors.
Open Source compliance is excluded from standard Errors and
Omissions insurance and is of particular concern for privately held
technology companies seeking to be acquired in merger and
acquisition transactions, obtaining equity financing or going
public. It is also a potential material risk for US public
companies and some UK public companies under Sarbanes-Oxley.
"The emerging open source model of worldwide collaborative
technology development introduces novel business risks that
traditional insurance products can but have not addressed," said
Matthew Hogg, underwriter for Kiln Risk Solutions. "Open Source
Compliance insurance will make it safe for large and small
corporations to adopt and build upon the important innovations
coming from this vibrant global community."
Open Source Compliance Insurance will initially offer cover of
up to $10 million for direct loss suffered by the insured following
a finding of non-compliance with specific licence agreements under
which open source code is obtainable.
According to Kiln, Miller and OSRM, the insurance will indemnify
the insured for the loss of profits associated with the withdrawal
or alteration of a product incorporating non-compliant code or the
impaired valuation of an acquisition agreement exchanging open
source software. In certain circumstances the policy would also pay
the costs to mitigate such losses including the expense of repair
or replacement of code that is found to infringe upon the GPL or
other Open Source licences.
Speaking to ComputerWorld.com, Forrester Research analyst
Michael Goulde welcomed the move, but described the policy as
“fairly narrow,” explaining that it was targeted more at commercial
software firms than general corporate open source users.