Welcome!

From the Editor of Eclipse Developer's Journal

Bill Dudney

Subscribe to Bill Dudney: eMailAlertsEmail Alerts
Get Bill Dudney via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Article

Bill Dudney's Blog: Open Source Compliance Insurance - More Evidence of Maturing Market

Basically the insurance company will underwrite you and cover various types of 'direct loss'

Bill Dudney's Blog: Open Source Compliance Insurance - More Evidence of Maturing Market

I found this very interesting indeed. Basically the insurance company will underwrite you and cover various types of 'direct loss' if/when you pass their compliance audit. From the article;

In practice, OSRM has a team of five people who will carry out an open-source license compliance review on a company's software. This initial risk assessment costs between $25,000 and $50,000, according to Egger. OSRM will then report back to Hogg's Kiln on the findings of the review and after establishing the company's risk profile, the insurance policy will be drawn up. "The review firms up the facts that we've looked at it and believe in the position," Hogg said. "The buck [then] stops with the insurance company."

The team comes in and makes sure you are not currently in violation of the licenses of FOSS your company is using then provides coverage if you pass (and I would guess would give you points on how to pass if you currently don't). This makes me wonder what happens over time. Would something like Black Duck provide the on-going protection to keep your code in complainace? Not sure what the insurance company would require for the ongoing nature of development and the possibility of violations sneaking in. Later in the article though it says to get $10M worth of coverage will cost about $200K per year. Perhaps at that rate the insurance company could afford to send in someone from time to time to do a follow on assessment.

I'm not sure how I feel about insurance though. With insurance comes lawyers and with lawyers comes complexity. It will be interesting to see how many takers this type of insurance has.

More Stories By Bill Dudney

Bill Dudney is Editor-in-Chief of Eclipse Developer's Journal and serves too as JDJ's Eclipse editor. He is a Practice Leader with Virtuas Solutions and has been doing Java development since late 1996 after he downloaded his first copy of the JDK. Prior to Virtuas, Bill worked for InLine Software on the UML bridge that tied UML Models in Rational Rose and later XMI to the InLine suite of tools. Prior to getting hooked on Java he built software on NeXTStep (precursor to Apple's OSX). He has roughly 15 years of distributed software development experience starting at NASA building software to manage the mass properties of the Space Shuttle.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
Eclipse Developer's Journal News Desk 11/02/05 02:51:25 PM EST

Bill Dudney's Blog: Open Source Compliance Insurance - More Evidence of Maturing Market. I'm not sure how I feel about insurance though. With insurance comes lawyers and with lawyers comes complexity. It will be interesting to see how many takers this type of insurance has.