Does Open Source Indemnification Matter? Enterprises Say Hell Yes.

Enterprises look to open source indemnification to provide financial protection in case of IP lawsuits against open source projects

In my job at OpenLogic, I've worked with hundreds of organizations (most of them in the Fortune 500) on developing open source policies and implementing open source governance programs.

As I talk with these large enterprises, almost all of them want indemnification around open source software to provide financial protection in the case of IP lawsuits.

One CTO we've worked with, Carol Rizzo, has been CTO at three different Fortune 500 companies: Kaiser Permanente, AIG and CitiGroup. Last year, Carol outlined the top five tips for using open source software.

One of her most important tips for organizations was to get indemnification on any software used in the organization.  Carol wrote

"Lawsuits happen in the software industry, whether it's proprietary or open-source software. Some legal actions you hear about, some you don't. It is critical, especially if the software you are using is important to your business, that you have indemnification to protect you from legal actions that could preclude you from further use. Indemnification is available from many of the commercial open source vendors."

This is why research announced this week by Olliance Group and ActiveState, presented in this slide deck entitled "Safeguarding Against the Risks of Improper Open Source Licensing - _Valuable Lessons for Software and Hardware Vendors"  sounded so alarming. This survey found 62% of enterprise open source developers and IT staff didn't know if their open source projects were indemnified or not.

The survey asked:

 "What percentage of open source projects in your organization are currently indemnified?" 

  • Don't know - 62%
  • 0-25% - 24%
  • 26-50% - 4%
  • 51-75% - 2%
  • 76-100% - 8%

Olliance doesn't claim that this survey was exhaustive, scientific research (the poll was taken from webinar attendees), but the numbers don't surprise me too much. As I wrote last week, we see 4 stages of open source adoption. The response above seem to fit the earlier stages of open source adoption.

Specific IP lawsuits tend to garner lots of attention -- such as the 2 high profile open source intellectual property lawsuits that are falling by the wayside or the Software Freedom Law Center (SFLC) infringement lawsuit filed against Best Buy, Samsung, Westinghouse, and JVC are among the 14 consumer electronics companies.

But as Carol says, there are a lot of legal actions you never hear about. This is a major reason why many enterprises find that it is simply sound corporate policy to indemnify all software used in their organization, proprietary or open source.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)