Open-source software is a boon to computer programmers: by sharing the source code for freely released software, anyone (with the skill) can modify it for their own needs. A growing movement, open-source software is finding its way into a lot of companies’ programming departments. It’s also finding its way into their lawyers’ offices — the licensing requirements of most open-source software are creating new concerns, and new work, for lawyers serving the tech industry.

Under the GNU General Public License that governs a large number of open-source products, open-source code can only be tightly integrated into other open-source products, and a condition of using the code is that the user also publish its modified version of the code. Not everyone knows to do that — or interprets the license’s requirements the same way.

Take Cisco Systems Inc. When the hardware giant bought competitor Linksys in 2003, it claims it didn’t realize Linksys had been using products that incorporated open-source code. Cisco eventually incurred the wrath of the not-for-profit Free Software Foundation, which enforces the GPL. Eventually, according to reports published in Forbes magazine and elsewhere, legal wrangling ended with Cisco having to make the costly move of releasing the code.

With the possibility of these kinds of surprises popping up in tech industry acquisitions, new legal services have arisen to reduce the risk. Most recently, a consulting outfit called Open Source Risk Management has partnered with Lloyd’s of London underwriter Kiln and broker Miller Insurance Services to offer insurance against open-source liability.

“Everybody is really recognizing these risks and becoming more and more interested in promoting themselves,” said Stephen Gillespie, a partner at Fenwick & West. “There is somewhat of a jump on the bandwagon among lawyers.”

While some question the need for open-source insurance, there’s definitely a lot of money at stake. Apart from related business costs, misusing open-source software can cost $150,000 per violation per copy of the software distributed, Gillespie said.

For now the insurance is being offered mainly as coverage to acquiring companies. It will be available soon to companies looking to be bought, who are shopping themselves.

Many lawyers are not sure whether the new insurance will be worth the costs, which include spending $25,000 to $50,000 on risk assessment even before the insurance is purchased.

Along with insurance, there are companies ready to find open-source problems before they become problems. The insurance now offered through Lloyd’s of London includes a risk assessment, consulting services and additional coverage. Black Duck Software Inc. and San Francisco’s Palamida scan code for compliance problems. Other consulting services look for ways to get rid of the problem, such as extracting the open-source code and inserting a proprietary replacement.

Mark Radcliffe, a partner at DLA Piper Rudnick Gray Cary, said costly open-source insurance might not be necessary for many companies. “Since there haven’t been a lot of lawsuits with big judgments,” he said, “I am not sure the need for insurance is as pointed as it is for large management tools.” In particular, he said, Black Duck and Palamida are routinely used in acquisitions.

Insurance isn’t a one-size-fits-all solution, said James Gatto, a partner at Pillsbury Winthrop Shaw Pittman. “It’s another arrow in the quiver,” he said. “If we find issues, we can mitigate them.”

DEALING WITH IT

It’s not clear how often violations of license are enforced in relation to open-source code. So far, the Free Software Foundation’s efforts to police violations of the GNU General Public License have mainly been waged through negotiating with companies it identifies as possible violators.

Eben Moglen, who acts as counsel to the FSF, said the organization sends out letters citing possible violations three dozen times a year, and less than half a dozen times a year does it ask a company to make a change. “Zero times a year do we have to make any substantial demonstration of legal weight,” Moglen, the foundation’s general counsel, added.

“The big hammer that [entities such as the Free Software Foundation] have is injunctions,” said Heather Meeker, a partner at Greenberg Traurig who also represents Open Source Risk Management. Having your product pulled off shelves while fighting a licensing claim is a software maker’s biggest fear. “It is almost like nobody has to say it.”

Whether or not that hammer gets used, some lawyers say the insurance might be useful because it’s hard to know, while working through a merger, whether open-source problems will emerge later. Moglen argued that the fact that the insurance exists proves that open-source liability is quantifiable and manageable.

Open-source liability can kill a deal, and it does affect the value of a transaction, according to lawyers. In the absence of insurance, some companies will accept a reduction in deal price. Another solution is to set up an escrow account with funds to cover potential exposure, according to lawyers. Often the escrow accounts for about 10 percent of the deal price.

If a dispute over open-source arises after the close of a transaction, companies often turn to a mediator, who can resolve the dispute and keep it confidential. But insurance, some argue, can keep the problem from going that far.

“Insurance is a way to move this issue off the table rather than arguing over the size of the liability,” said Wilson Sonsini Goodrich & Rosati partner Adit Khorana, who also advises Open Source Risk Management. “The question of liability is only a useful [negotiating] chip because it often is not completely refutable.”

In addition to the insurance policy currently on offer, Open Source Risk Management is planning to come out with another product to protect users of the Linux operating system and other open-source products from third-party claims.

Linux and claims against third parties were at the heart of the highest-profile open-source lawsuit to date. The SCO Group claims it owns the Unix software code that underlies the Linux operating system. It sued IBM for more than $1 billion in damages, contending that in donating modified Unix code to Linux programmers, IBM breached a licensing agreement now controlled by SCO. SCO has sued a number of other companies over similar claims of Unix copyright infringement.

Some observers have doubted the strength of SCO’s arguments in the complex case, but OSRM Chairman Daniel Egger, who recently sat for the California Bar Exam, said it inspired him to create open-source insurance. “What was striking was the amount of uncertainty and fear caused by a relatively weak claim,” Egger said. “Just because they cried wolf doesn’t mean there aren’t wolves out there.”


Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.