News 

OSRM conducted a study of the kernel program at the heart of the Open Source operating system and discovered that although the software did not infringe any US patent that had previously been validated through the courts, it trod on the toes of 283 patents that are as yet untested.

Dan Ravichner, who carried out the kernel review and is the founder and executive director of the Public Patent Foundation and senior counsel to the Free Software Foundation, said: 'This patent risk is in line with what we expected to find, and likely comparable to the level of risk you would find in comparable proprietary software; the only difference with open source software being that proprietary software vendors typically provide legal backing for their customers.

'The bad news is that we identified 283 issued patents that have not yet been litigated, and contain claims that could conceivably be brought against Linux end-users and create financial exposure if found valid. And, of course, not-yet-issued patents could create similar problems. But, the good news is that none of the fully litigated patents we reviewed contain claims that cover Linux.'

Of those 283 untried patents, Ravichner found that about a third belonged to Linux friendly organisations. But he warns that these companies have never asserted it would not use its patents against Linux users.

The companies cited include Linux vendors Red Hat and Novell. Certainly Red Hat makes a patent promise to essentially not pursue litigation against open source software found to infringe its patents: 'Red Hat agrees to refrain from enforcing the infringed patent against such a party,' it reads.

A spokesperson from Novell's SUSE said it too follows a policy of registering patents as a defensive rather than offensive measure.

Even so, the study says that 27 of the yet to be validated patents are owned by arch enemy Microsoft and others that OSRM feels would have 'little to lose by making legal threats against enterprise Linux users in pursuit of settlement dollars.'

The OSRM reckons it costs an average of $3mn to defend a patent suit, successfully or otherwise, and independent of the strength of the patent at issue.

It offers corporate users of Linux 'patent insurance'

OSRM also helps businesses assess their exposure to such a risk which if done in-house could actually do more harm than good.

'Current U.S. patent law creates an environment in which vendors and developers are generally advised by their lawyers not to examine other people's software patents, because doing so creates the risk of triple damages for "willful" infringement,' said Daniel Egger, chairman and founder of Open Source Risk Management. 'This studied ignorance leaves the field open to those who would spread fear and disinformation. It also means that only a vendor-neutral entity, like OSRM, has the freedom and
incentive to assess the true risks.'

However, patent expert Greg Aharonian questioned whether there really is a market for such a service: 'Determining who needs patent insurance is tricky. Big companies and profitable software companies... tend to handle their patent costs through their normal budgetary processes and usual forms of corporate insurance. These are the companies that attract the bulk of the software patent litigation. Smaller companies and barely profitable companies, while more needful for such a type of insurance, are also rarely the target of patent infringement lawsuits,' he said.

'It is hard for insurance companies to predict future liabilities of their policyholders, making it difficult for the insurance companies to calculate profitable premiums. They tend to cope by charging high premiums, making their policies too expensive for most that need it.'

'There is little need for specialized insurance, and more need to get Patent Offices to issue fewer and better quality software patents so that the fear of lawsuits is even less.'

But the patent risk in using open source software looks only set to increase. Microsoft may only own 27 of the yet-to-be-validated patents in the Linux kernel, but last week it said it is aiming to register 3,000 a year. The risk to small and barely profitable open source companies may be small because they are unlikely patent suit targets, according to Aharonian. But any large corporates considering moving to Linux may think twice considering their increasing exposure to patent litigation as an end-user. Perhaps the open source companies may pass unnoticed under the legal eyes of the likes of Microsoft. But a large corporate looking to jump to Linux? Well you'd expect someone like Microsoft to at least point out what it considers the patent risks of doing so.