Indemnification — Not Just an Open Source Issue

Enterprise CIOs are struggling to get up to speed on the perils of intellectual property (IP) suits. But it’s okay to hang back and see how it shakes out, analysts said.

IT research firm IDC released results of a survey of 200 IT professionals on Wednesday. The bottom line: The potential need for protection against IP infringement suits applies to both open source and conventionally licensed software.

While indemnification has not yet become a part of the IT landscape, several trends may make it a key element of vendor negotiations, said Stephen Graham, IDC group vice president of global strategies,

Courts have veered toward favoring the rights of IP owners, he said, while the U.S. Patent & Trademark Office has issued huge quantities of software patents.

Then, in 2003, he said, “SCO shook the foundations of the technology community, suing IBM and threatening several of its largest customers.” SCO claimed that IBM included proprietary SCO code in its contribution to the Linux kernel, and that, therefore, any company using Linux also infringed on its copyright. The suit still is in litigation.

The rise of holding companies that buy intellectual property solely to prosecute patents could make infringement suits a way of life for enterprise software users, Graham said.

But while awareness of the danger of being sued is rising, corporate policy is lagging, IDC found.

More than 40 percent of the companies IDC surveyed reported no formal policy on requiring vendors provide some sort of indemnification against SCO Syndrome, while more than half either had at least an informal policy or were in the process of drafting one. Around 75 percent of companies with more than 1,000 employees had an indemnification policy in place, with mid-sized companies almost twice as likely to have let this slide.

Therefore, Graham said, large enterprises are the ones to watch for tips on policy development and management approaches. “If the issue becomes more important, we’ll see it here first,” he said.

“But when it comes to being the target, it’s not how big you are but how financially attractive,” Graham added.

The survey follows a December IDC research note advising open source software vendors to get their IP — and indemnification programs — in order. Graham wrote the note in response to Microsoft broadening its indemnification program to cover the full cost of any claim arising form patent, copyright, trade secret and trademark disputes.

Open source advocates claim that Microsoft and other enterprise software vendors attempt to use confusion about IP within Linux to scare potential customers away from open source products.

Many Linux vendors offer assorted warranties or indemnification programs, while Open Source Development Labs (OSDL) established the Linux Legal Defense Fund.

But IDC found that customers weren’t so concerned.

“Although Microsoft contends that IP indemnification is critical, it has also stated the historical volume of calls from customers approached by people with IP litigation cases includes a handful in any given three-month period, and a lot of these people do not have valid claims,” wrote Graham and co-author Alexandrina Boariu.

Adding that most open source vendors consider the SCO case an exception, they continued, “Microsoft’s indemnity offering is undoubtedly the most complete — but the company must now convince the market that this completeness. . . has tangible value that ought to be considered when making strategic IT decisions.”

If customers don’t think there really is a significant risk of a lawsuit, they’ll take the indemnification offered by Linux vendors. But if Microsoft can establish indemnification as a market differentiator, then open source vendors will need to match it, IDC said.

The strongest differentiator between indemnification programs, according to the Graham/Boariu report, is how easy it is for a customer to trigger the protection of indemnification. For example, according to an IDC table comparing indemnification programs, all a Microsoft customer needs to do is notify Microsoft in writing about a claim; the situation is similar for the Novell Linux Indemnification Program, with the addition of signing a licensing addendum within 10 days of buying the product.

In the case of the Open Source Development Labs Linux Legal Defense Fund, however, the OSDL board of directors will decide whether a customer meets their criteria. The OSDL doesn’t make any guarantees about the amount of legal fees it will cover.

IBM, despite having a strong Linux initiative, doesn’t offer an indemnification plan, instead relying on those of the distributors that it resells.

IT pros responding to the survey are applying indemnification policies across the board, Graham said, requiring them of both open source and conventionally licensed software.

He said the question for IT decision makers should be, “Whatever programming model my vendor operates on, whether open source, conventionally licensed or mixed, do they have control of their own intellectual property rights and licensing?”

News Around the Web