Perens: Linux indemnification not for everyone

Hacker, open-source advocate, venture capitalist, company man, pundit: Bruce Perens has worn a lot of hats over the last few years, building up a unique combination of hacker credibility and business know-how. These days, when he's not fielding press queries about the ongoing dispute between The SCO Group Inc. and the Linux community, Perens spends his time speaking about Linux and open source software and providing consulting services for technology companies.

On May 1, Perens was appointed to the board of directors of Open Source Risk Management LLC, (OSRM) a 15-person start-up based in New York that offers professional services, and even indemnification against lawsuits, for users and developers of open source software. Perens, one of the founders of the Open Source Initiative, talked with IDG News Service Thursday on the topics of OSRM, Linux indemnification, and how the SCO lawsuits may eventually change the world of proprietary software. Following is an edited transcript of the conversation:

IDG News Service: It seems that SCO's lawsuits have generated a lot of interest in the legal community in open source software and open source licenses. To what extent do you think SCO's actions have created a boom market for lawyers?

Bruce Perens: It's created a market. I wouldn't call it a boom market. All they are doing is contract work and due diligence.

IDGNS: But suddenly everyone using Linux seems to be thinking about legal liabilities.

Perens: That's why Open Source Risk Management has stepped up to address this question.

IDGNS: OSRM seems to be capitalizing on this.

Perens: I want to be very careful about that, because OSRM is not capitalizing on FUD (fear, uncertainty, and doubt), OSRM is going around and talking about what the real risks and benefits are.

IDGNS: Do you think people were misguided to think of open source software as "free" when it first came on the corporate radar?

Perens: Not at all. I think that open source is still free software, in both freedom and price. There is still no reason why your enterprise business cannot get its software at zero cost.

IDGNS: But isn't the price of indemnification against potential lawsuits now a necessary cost?

Perens: I am not promoting that everyone go out and buy an indemnification policy from OSRM. I am promoting that large businesses look at their software risk. A good deal of what OSRM does is not providing indemnification, it is managing risks in other ways.

IDGNS: So what kind of enterprises don't need indemnification now?

Perens: Frankly, I think that unless someone is asking you to purchase indemnification or indemnify your business, that you may well have a conventional liability policy for your business. Pretty much every business of a certain size has a liability policy. They know they will be liable in some way, from time to time, (for matters that have) no connection with open source. They insure themselves against those risks.

Now, the biggest role I see for OSRM is working with conventional insurance companies that offer blanket liability policies, not just open source indemnification, to make sure the open source component of that is reasonable. But if look at large companies, there aren't companies of a reasonable size that don't carry liability insurance.