Open Source Compliance Insurance - more evidence of maturing market
I found this very interesting indeed.
Basically the insurance company will underwrite you and cover various types of 'direct loss' if/when you pass their compliance audit. From the article:
The team comes in and makes sure you are not currently in violation of the licenses of the FOSS your company is using, then provides coverage if you pass (and I would guess would give you pointers on how to pass if you currently don't). This makes me wonder what happens over time. Would something like Black Duck provide the ongoing protection to keep your code in compliance? Not sure what the insurance company would require for the ongoing nature of development and the possibility of violations sneaking in. Later in the article, though, it says that $10M worth of coverage will cost about $200K per year. Perhaps at that rate the insurance company could afford to send someone in from time to time to do a follow-on assessment.
I'm not sure how I feel about insurance though. With insurance comes lawyers and with lawyers comes complexity. It will be interesting to see how many takers this type of insurance has.