Results of First-Ever Linux Patent Review Announced, Patent Insurance Offered by Open Source Risk Management

SAN FRANCISCO, Aug. 2 /PRNewswire/ -- Open Source Risk Management (OSRM), the only vendor-neutral provider of Open Source risk mitigation and management solutions, today announced results of the first-ever evaluation of potential patent infringement by the Linux kernel, along with a patent insurance program for enterprise Linux users.

Well-known patent attorney Dan Ravicher, founder and executive director of the Public Patent Foundation and senior counsel to the Free Software Foundation, reviewed all U.S. software patents that have been litigated through appeal, examining whether the Linux kernel contains technology that could trigger patent claims against end-users. In conclusion, he found that no court-validated software patent is infringed by the Linux kernel. However, Ravicher also found 283 issued but not yet court-validated software patents that, if upheld as valid by the courts, could potentially be used to support patent claims against Linux. In response, OSRM will be expanding its risk mitigation and insurance offerings to cover this quantifiable risk.

"Patents pose a financial risk to corporate Linux users -- just like they do to corporate users of almost any software -- because, whether or not a patent is truly infringed, it costs $3 million dollars on average to defend a patent lawsuit," said Ravicher. "This heavy cost of proving even weak patents invalid could fall on unprepared end-users - who, until now, have often been forced to pay settlements to avoid risking millions on litigation. OSRM's new patent insurance gives such end-users another way to address the issue, as it is a direct competitive alternative to licensing or litigating."

Ravicher summed up the findings of his review as follows: "Bottom line, we confirmed what the community already knew; that Linux, like any other wildly successful product, has a patent risk. But, we also concluded that the Linux patent risks are manageable because of the economies of scale achieved by bringing together large numbers of end-users through a structured program of insurance and loss-control, like that now offered by OSRM. This patent risk is in line with what we expected to find, and likely comparable to the level of risk you would find in comparable proprietary software; the only difference with open source software being that proprietary software vendors typically provide legal backing for their customers.

"So the news is both good and bad," continued Ravicher. "The bad news is that we identified 283 issued patents that have not yet been litigated, and contain claims that could conceivably be brought against Linux end-users and create financial exposure if found valid. And, of course, not-yet-issued patents could create similar problems. But, the good news is that none of the fully litigated patents we reviewed contain claims that cover Linux."

Additionally, Ravicher found that about a third of the 283 issued patents are owned by large corporations that are friendly to Linux - ones with some current financial interest in broad Linux adoption, including: Cisco, HP, IBM, Intel, Novell, Oracle, Red Hat, Sony, and others. However, to date, no Linux vendor has publicly offered its customers legal protection for patent liability; nor has any entered into an explicit agreement promising never to use its own patents against Linux users. Also, 27 of the 283 patents are held by Microsoft, an outspoken opponent of Free and Open Source software; and still others by individuals or shell corporations who may have little to lose by making legal threats against enterprise Linux users in pursuit of settlement dollars.

"Current U.S. patent law creates an environment in which vendors and developers are generally advised by their lawyers not to examine other people's software patents, because doing so creates the risk of triple damages for 'willful' infringement," said Daniel Egger, chairman and founder of Open Source Risk Management. "This studied ignorance leaves the field open to those who would spread fear and disinformation. It also means that only a vendor-neutral entity, like OSRM, has the freedom and incentive to assess the true risks." Solutions: Insurance, Risk Consulting and Patent Policy Reform

OSRM, applying its own proprietary risk-models and pricing heuristics, found that, when combined with OSRM's loss-control methods and resources, corporate use of Linux kernel versions 2.4 and 2.6 is an insurable patent- liability risk. Thus, OSRM plans to underwrite combined copyright and patent insurance for enterprise users by year's end. As OSRM is limiting capacity for the first year, current and potential enterprise Linux users are already putting their names on OSRM's confidential waiting list for this coverage, which provides for legal defense and damages if sued for Linux use.

"An enterprise that solely chooses to license patents as a way to deal with patent risk will have to deal with every single patent holder, and will have no effective way to cap and effectively manage their total patent exposure," said Daniel Egger. "In contrast, OSRM clients are protected from any and all patent assertions made against them; either solely through OSRM coverage or by supplementing their own patent licensing with OSRM's insurance to provide full protection."

For corporations and outside counsel seeking more specialized answers, OSRM offers risk mitigation consulting to help audit, price, manage and mitigate the unique risks from enterprise use of Free and Open Source Software. In addition to this underwriting and specialized patent defense information developed for its clients, OSRM is active in promoting systematic patent policy reforms to address the issue at its roots, patent policies themselves. A free OSRM position paper, titled "Mitigating Linux Patent Risk" will be available for download from osriskmanagement.com, providing a more in-depth discussion of the specific steps corporations, developers, and the Open Source community can take to mitigate Linux patent risk.

"The most important message to take away -- based on OSRM's proprietary research and quantitative models and the best independent legal analysis available to us -- is that the core of the Linux operating system appears to be a normal, insurable patent risk for the businesses that use it. And, based on our hands-on work with many different types of customers, we have found the total cost of ownership of using Linux to still be dramatically lower than proprietary alternatives for customers that add in the cost of effective risk- management," said Egger. "What it boils down to is that Linux has patent risks; but they can and will become conventional insured risks, just an everyday cost of doing business. OSRM's whole mission is to make the issue of Linux liability simple, routine, and manageable." About Open Source Risk Management

Supported by top Open Source leaders and intellectual property (IP) legal experts, Open Source Risk Management (OSRM) is the industry's only vendor- neutral provider of risk mitigation, indemnification, and management services for enterprise Open Source users. OSRM helps organizations assess potential legal risks around their use of Open Source software, and design risk mitigation solutions based on a set of best practice protocols. Additionally, OSRM provides indemnification for legal claims against Open Source, by underwriting copyright and patent coverage through its affiliates, for the Linux kernel versions 2.4 and 2.6. Through its Open Source Legal Defense Center, OSRM also works in tandem with highly specialized software IP lawyers to offer coordinated legal defense services.

For more information, please visit http://www.osriskmanagement.com. Contact:

Karen Duffin

Bite Communications for OSRM

t: 415-365-0459

e: karen.duffin@bitepr.com This release was issued through eReleases(TM). For more information, visit http://www.ereleases.com.