Instead of indemnification, consider 'open source insurance'
By David Berlind, Tech Update
February 18, 2004

Hewlett Packard's decision to set up an indemnification program had nothing to do with the company's convictions about SCO's claims. It was all about the business opportunity that SCO's actions created. HP wasn't the only one to spot that opportunity. In founding Open Source Risk Management, Daniel Egger may have given birth to a new cottage industry: open source insurance. Egger claims he's only a few more customers away from getting the backing of some large insurance underwriters, and then he'll be open for business.

As Egger put it, "If you're depending on open source software, think of OSRM as the extended warranty provider."

Egger has a laundry list of reasons why each of the current forms of protection being offered by organizations like HP, Novell, Red Hat, and OSDL is not very good. "With HP, it has to be on HP's gear," said Egger. "With Novell, it's just SuSE Linux. Red Hat's defense fund is for developers and OSDL's covers employees first. All of them are at the very least restricted to Linux and some of those to lawsuits by SCO. With the indemnification programs, contrary to the spirit of open source, you can't modify the source code."

If OSRM opens its doors, Egger plans to offer a form of open source insurance that provides total peace of mind (from the liability perspective) to anybody (consumer to enterprise) running any open source software (modified or not) on any number of computers.


The only qualification you need to get open source insurance is money in the form of a 3 percent annual premium. For example, if you want $1 million worth of coverage, OSRM's annual premium would be $30,000. Similar to the programs from both HP and Novell, OSRM assumes the defense. If you are sued by SCO or any other company claiming that in the course of using open source software you misappropriated its intellectual property, and OSRM loses the defense, you must decide how best to use the insurance money.

To prevent frivolous claims, there is a deductible (about 90 percent of the premium). The money can be used in a variety of ways. "First and foremost, it can be used to pay any damages," said Egger. "But, in addition to covering the damages, we cover some things that no one else offers protection for. One of these is a court-ordered injunction." As Egger explained it, an injunction is not only a terrifying threat, but can also be crippling to a business. "The interruption of business can cost more than the damages," said Egger. "So, we'll cover the direct costs and even some of the indirect costs that a company sustains as the result of an injunction."

In addition to injunction protection, OSRM's policy covers companies for the cost of fixing infringing code. For example, if you can prove that to replace infringing code, you had to bring down your servers, which in turn caused you to lose $1 million an hour, OSRM's policy will cover you for that loss up to the policy's limit. Another "infringing code fix" that could become expensive is where code that was either licensed to you under the GNU General Public License or that purported to be licensed to you under the GPL (which may have been the case in the SCO lawsuit) found its way into your proprietary software, and now, at some expense, it must be replaced.

Business owners don't like unknowns, Egger noted. If business risks can be managed for a cost, the known cost can be factored into the cost of running the business or the total cost of ownership (TCO) of the information technology. Depending on what that cost is, everything from the budget to the price of goods or services can reflect the additional costs to manage risk.

Like HP, Egger isn't in the business of determining who is going to win or lose the SCO case. Regarding the merits of SCO's claims, Egger had no comment other than that he believes this may not be the last time that end users of open source are threatened with charges of misappropriation of intellectual property. If he didn't feel that way, OSRM might not have a reason for being.

Egger also believes that the next lawsuits won't be about copyright infractions, which he believes are harder to win. "The next one," Egger said, "will probably be a patent. Patents are more broadly interpreted. I can't tell you which of the 8,000 patents out there will form the basis of a shrewd attack on the Linux kernel. But I can tell you that there are people working on it because the amount of money that stands to be made is phenomenal and, because there are literally thousands of contributors to the kernel, organizing a defense would be very difficult. That makes it an easy target."

You can write to me at david.berlind@cnet.com. If you're looking for my commentaries on other IT topics, check the archives.