Three organizations are teaming up to offer what they claim is the first open source compliance insurance policy to provide coverage for companies around the world that are using open-source software in their businesses or within their own operations. The three organizations are risk mitigation consultancy Open Source Risk Management (OSRM), a Lloyd's of London underwriter Kiln and a Lloyd's broker Miller Insurance Services.

The policy will be called Open Source Compliance Insurance and it will initially offer maximum coverage of $10 million, according to OSRM CEO Daniel Egger. A company signing up for the policy will be reimbursed if they are determined to have suffered a direct loss should software they use or sell be found not to be in compliance with specific open source license agreements.

The definition of a direct loss may include any revenue loss a company might incur in relation to a product containing noncompliant open source software such as being forced to withdraw the product from the market or having to change it in some way such as rewriting part of the code. Another definition of a direct loss relates to any potential negative impact the discovery of noncompliant open source software may have on the value of a company's impending merger or acquisition, Egger said in a recent interview.

OSRM will act as the exclusive worldwide risk assessor and advisor for the new insurance policy, according to Matthew Hogg, intellectual property underwriter at Kiln. "If you take the example of the insurer of a commercial property, OSRM is the surveyor, " he said in a recent interview. Or in terms of title insurance, OSRM is the company that plows through all the documents to establish title, Egger added.

In practice, OSRM has a team of five people who will carry out an open source license compliance review on a company's software. This initial risk assessment costs between $25,000 and $50,000, according to Egger. OSRM will then report back to Hogg's Kiln on the findings of the review and after establishing the company's risk profile, the insurance policy will be drawn up. "The review firms up the facts that we've looked at it and believe in the position," Hogg said. "The buck [then] stops with the insurance company."

The IDG News Service is a Network World affiliate.