SAN FRANCISCO, Aug. 2, 2004 –Read today’s legal news, law, law fi…

SAN FRANCISCO, Aug. 2, 2004 –Read today’s legal news, law, law firm news, legal research on LAWFUEL– Open Source Risk Management
(OSRM), the only vendor-neutral provider of Open Source risk
mitigation and management solutions, today announced results
of the first-ever evaluation of potential patent
infringement by the Linux kernel, along with a patent
insurance program for enterprise Linux users.

Well-known patent attorney Dan Ravicher, founder and
executive director of the Public Patent Foundation and
senior counsel to the Free Software Foundation, reviewed all
U.S. software patents that have been litigated through
appeal, examining whether the Linux kernel contains
technology that could trigger patent claims against
end-users. In conclusion, he found that no court-validated
software patent is infringed by the Linux kernel. However,
Ravicher also found 283 issued but not yet court-validated
software patents that, if upheld as valid by the courts,
could potentially be used to support patent claims against
Linux. In response, OSRM will be expanding its risk
mitigation and insurance offerings to cover this
quantifiable risk.

“Patents pose a financial risk to corporate Linux users —
just like they do to corporate users of almost any software
— because, whether or not a patent is truly infringed, it
costs $3 million dollars on average to defend a patent
lawsuit,” said Ravicher. “This heavy cost of proving even
weak patents invalid could fall on unprepared end-users –
who, until now, have often been forced to pay settlements to
avoid risking millions on litigation. OSRM’s new patent
insurance gives such end-users another way to address the
issue, as it is a direct competitive alternative to
licensing or litigating.”

Ravicher summed up the findings of his review as follows:
“Bottom line, we confirmed what the community already knew;
that Linux, like any other wildly successful product, has a
patent risk. But, we also concluded that the Linux patent
risks are manageable because of the economies of scale
achieved by bringing together large numbers of end-users
through a structured program of insurance and loss-control,
like that now offered by OSRM. This patent risk is in line
with what we expected to find, and likely comparable to the
level of risk you would find in comparable proprietary
software; the only difference with open source software
being that proprietary software vendors typically provide
legal backing for their customers.

“So the news is both good and bad,” continued Ravicher. “The
bad news is that we identified 283 issued patents that have
not yet been litigated, and contain claims that could
conceivably be brought against Linux end-users and create
financial exposure if found valid. And, of course,
not-yet-issued patents could create similar problems. But,
the good news is that none of the fully litigated patents we
reviewed contain claims that cover Linux.”

Additionally, Ravicher found that about a third of the 283
issued patents are owned by large corporations that are
friendly to Linux — ones with some current financial
interest in broad Linux adoption, including: Cisco, HP, IBM,
Intel, Novell, Oracle, Red Hat, Sony, and others. However,
to date, no Linux vendor has publicly offered its customers
legal protection for patent liability; nor has any entered
into an explicit agreement promising never to use its own
patents against Linux users. Also, 27 of the 283 patents are
held by Microsoft, an outspoken opponent of Free and Open
Source software; and still others by individuals or shell
corporations who may have little to lose by making legal
threats against enterprise Linux users in pursuit of
settlement dollars.

“Current U.S. patent law creates an environment in which
vendors and developers are generally advised by their
lawyers not to examine other people’s software patents,
because doing so creates the risk of triple damages for
‘willful’ infringement,” said Daniel Egger, chairman and
founder of Open Source Risk Management. “This studied
ignorance leaves the field open to those who would spread
fear and disinformation. It also means that only a
vendor-neutral entity, like OSRM, has the freedom and
incentive to assess the true risks.”

Solutions: Insurance, Risk Consulting and Patent Policy

OSRM, applying its own proprietary risk-models and pricing
heuristics, found that, when combined with OSRM’s
loss-control methods and resources, corporate use of Linux
kernel versions 2.4 and 2.6 is an insurable patent-liability
risk. Thus, OSRM plans to underwrite combined copyright and
patent insurance for enterprise users by year’s end. As OSRM
is limiting capacity for the first year, current and
potential enterprise Linux users are already putting their
names on OSRM’s confidential waiting list for this coverage,
which provides for legal defense and damages if sued for
Linux use.

“An enterprise that solely chooses to license patents as a
way to deal with patent risk will have to deal with every
single patent holder, and will have no effective way to cap
and effectively manage their total patent exposure,” said
Daniel Egger. “In contrast, OSRM clients are protected from
any and all patent assertions made against them; either
solely through OSRM coverage or by supplementing their own
patent licensing with OSRM’s insurance to provide full

For corporations and outside counsel seeking more
specialized answers, OSRM offers risk mitigation consulting
to help audit, price, manage and mitigate the unique risks
from enterprise use of Free and Open Source Software. In
addition to this underwriting and specialized patent defense
information developed for its clients, OSRM is active in
promoting systematic patent policy reforms to address the
issue at its roots, patent policies themselves. A free OSRM
position paper, titled “Mitigating Linux Patent Risk” will
be available for download from,
providing a more in-depth discussion of the specific steps
corporations, developers, and the Open Source community can
take to mitigate Linux patent risk.

“The most important message to take away — based on OSRM’s
proprietary research and quantitative models and the best
independent legal analysis available to us — is that the
core of the Linux operating system appears to be a normal,
insurable patent risk for the businesses that use it. And,
based on our hands-on work with many different types of
customers, we have found the total cost of ownership of
using Linux to still be dramatically lower than proprietary
alternatives for customers that add in the cost of effective
risk-management,” said Egger. “What it boils down to is
that Linux has patent risks; but they can and will become
conventional insured risks, just an everyday cost of doing
business. OSRM’s whole mission is to make the issue of Linux
liability simple, routine, and manageable.”

About Open Source Risk Management

Supported by top Open Source leaders and intellectual
property (IP) legal experts, Open Source Risk Management
(OSRM) is the industry’s only vendor-neutral provider of
risk mitigation, indemnification, and management services
for enterprise Open Source users. OSRM helps organizations
assess potential legal risks around their use of Open Source
software, and design risk mitigation solutions based on a
set of best practice protocols. Additionally, OSRM provides
indemnification for legal claims against Open Source, by
underwriting copyright and patent coverage through its
affiliates, for the Linux kernel versions 2.4 and 2.6.
Through its Open Source Legal Defense Center, OSRM also
works in tandem with highly specialized software IP lawyers
to offer coordinated legal defense services.

For more information, please visit

Karen Duffin
Bite Communications for OSRM

Scroll to Top