Two weeks late, but not a dollar short, the SCO Group has finally filed its first lawsuits against Linux-using enterprises -- AutoZone and Daimler Chrysler -- for misappropriation of intellectual property. On November 18, 2003, SCO set a 90-day deadline for itself to begin legal action against large-scale Linux users that it says are deriving significant value from Linux without an appropriate license. That deadline passed on February 16, 2004 (a national holiday). But, given the self-imposed deadline, SCO didn't want to head into its earnings announcement today without making good on its promise.

Since early 2003, SCO has been claiming that certain segments of the source code behind Linux were either directly copied from the copyrighted material it owns by virtue of Novell's 1995 sale of Unix or improperly derived from that source code. As I said when I questioned whether SCO bought Unix or the Brooklyn Bridge, SCO's enforceable rights are highly related, if not completely dependent upon, the extent to which SCO owns the intellectual property.

Although a mountain of conventional wisdom from all kinds of sources argues the frivolity of SCO's claims on both counts, the reality is that we'll have to wait for the outcomes of SCO's pending cases with IBM and Novell (and perhaps the ensuing appeals) to know with certainty what enforceable rights, if any, the courts are willing to uphold.

It is for this reason that most legal experts with whom I've consulted say that before SCO can successfully enforce its intellectual property rights (IPR) with any user or distributor of Linux, all questions regarding its enforceable rights will have to be resolved. In other words, we can expect the end-user lawsuits to get stayed for quite some time.

As a result, this new round of lawsuits will be viewed as nothing more than saber rattling, a search for external validation and for momentum in establishing its claims. None of these are admirable motivations.

Although they should have no bearing on the outcome of the cases, they undoubtedly will increase the enmity toward SCO in the court of public opinion. Judging from the e-mail I received and postings on Internet forums, such as Slashdot, in response to my reporting on the issue of indemnity for enterprises, attempting to score any wins in the court of public opinion is a zero sum game for SCO.

EV1Server.net's stated reasons for prematurely (in my opinion) bowing to SCO's will reminded me that most if not all of the feedback to the special report appeared to miss its message.

The special report is aimed at enterprise IT executives and professionals. Enterprises invariably prefer certainty to uncertainty, and they often look to bury risk--even insignificant risk--in their budgets. Applying this risk aversion strategy to the financial uncertainty associated with SCO's actions is understandably hard to stomach given that SCO's claims have been contested and await their days in court. With Groklaw being the unofficial ground zero where the merits of SCO's claims are being publicly vetted--and for the most part torn to shreds--the mere thought that a company would view the specter of an SCO lawsuit as a risk worth mitigating, and therefore acknowledging (as EV1 has), is considered ludicrous by the open source community and others opposed to SCO's actions.

		Special Report: Managing the legal risks of Linux  The SCO legal train: Know your options  Handicapping SCO's latest moves  Protect Thyself 101: A primer on indemnification  Novell's protection: Covers more than SCO  HP's protection: SCO-only, but no dollar limit  Instead of indemnification, consider insurance  Defense funds: Taste great, but less filling  Is Red Hat the canary in SCO’s coal mine?  What did SCO buy--Unix or the Brooklyn Bridge?

The special report draws four conclusions for enterprises that typically bury risk in their budgets. First, there is a class of Linux users who don't even matter to SCO--they might as well hit the snooze button. Second are those for whom the issue is a risk as long as it remains unresolved by the courts. As infinitesimal as some say that risk is, it is still a risk until a judge says it isn't. Third, for most enterprises that routinely bury litigation risk in their budget, it's probably premature at this point to seek any kind of insurance. For those companies that want risk mitigation, there are many options and no two of them are alike. Fourth, for the risk to reach the point at which most companies should consider one of these options, the pendulum would need to swing seriously in SCO's favor.

I believe EV1's announcement is more a part of SCO CEO Darl McBride's public relations campaign than it is a legitimate business decision on EV1's behalf. On his Web site, EV1's "head surfer" Robert Marsh said, "[We made] a prudent business decision based upon our circumstances and our customers' needs and the need to bring certainty to their businesses." EV1's operation has 20,000-plus servers, including Windows and Red Hat Linux systems. While Marsh apparently wants to parlay such certainty into a differentiator that sets EV1 apart from its competitors, I'm not convinced that his customers aren't already concern free as long as the pendulum hasn't swung in SCO's favor.

In the same post on EV1's Web site, Marsh said, "We make no endorsement of SCO nor do we make any admission as to their claims." It appears as though Marsh is trying to distance himself from SCO, but at the same time taking out an insurance policy from SCO in the form of a perpetual site license.

But where was Marsh two days ago when he announced the deal? He was on tour with SCO's McBride. That isn't the sort of distance that I'd keep from SCO if I were trying to make a business decision while also claiming that I wasn't endorsing SCO's strategy.

Every company has a different threshold for risk tolerance. I wouldn't let this latest development with EV1 or even the newly announced lawsuits against AutoZone and Daimler Chrysler force a premature decision about mitigating the SCO risk. Instead, decisions about the risks SCO poses should be based on the same criteria that are used in assessing and dealing with any other business risk.

You can write to me at david.berlind@cnet.com. If you're looking for my commentaries on other IT topics, check the archives.