Open Source Risk Management Unveils Industry's First Vendor-Neutral Risk Mitigation Services

Company Launches with Support from Key Open Source Leaders,

Legal Experts and Corporate Linux Users

Mar 17, 2004, 00:00 ET from Open Source Risk Management

    SAN FRANCISCO, March 17 /PRNewswire/ -- Open Source Business Conference --
 Open Source Risk Management (OSRM), the industry's only vendor-neutral
 provider of Open Source risk protection services, today unveiled a
 comprehensive set of services to help companies assess and mitigate the legal
 risks of involvement with Open Source.  The first vendor-neutral offering of
 its kind, these services are based on OSRM's sophisticated code-scanning
 technology and best practice protocols developed with the OSRM Working Group
 of CIOs and legal counsel from Fortune 500 enterprise Linux users.  Pioneering
 a market estimated at $1 billion, OSRM is launching at this week's Open Source
 Business Conference with support from top Open Source community leaders,
 intellectual property (IP) legal experts and input from Fortune 500 Linux
     Using sophisticated code-scanning and copyright infringement detection
 technologies; OSRM assesses a client's code base and identifies the most
 likely sources of plausible legal claims.  The company then offers risk
 mitigation consulting services, based on its set of best practices protocols.
 Based on this code assessment, OSRM plans to offer indemnification packages, a
 form of insurance-like protection against Open Source-related litigation.
     As a vendor-neutral entity, OSRM can provide protection against a wider
 range of claims than any single proprietary vendor.  Proprietary vendors can
 provide indemnification only for the exact code they sell.  So, if customers
 modify, share or fix their code -- all of the things that make Open Source
 attractive -- their indemnification is voided.  Only with vendor-neutral
 indemnification can a customer's unique code base be assessed and insured;
 preserving the benefits of Open Source while still protecting users.
     "Rather than asking vendors to do what they will never feel comfortable
 doing -- in effect asking them to indemnify their competitors' products and
 services -- it is in the long-term interest of all Linux vendors to support a
 collective vendor-neutral defense of Open Source," said Bruce Perens, one of
 the founders of the Open Source movement.  "As a result, Open Source users
 will be better protected when using an alternative to proprietary software --
 meaning that Open Source wins out, not only on grounds of efficiency, freedom,
 and cost, but in regards comprehensive risk management as well."
     Already, OSRM has garnered support for its approach from some of the top
 intellectual property legal experts, including Heather Meeker and Henry W.
 ("Hank") Jones III; open source community leaders, including Bruce Perens; and
 has begun consulting with several Fortune 500 companies. And, similar to the
 Open Source model itself, OSRM has engaged the open source community by
 funding the Unix Timeline Project.  Created to track down all Unix copyrights
 that could lead to Open Source legal claims, this project is led by Pamela
 Jones, creator of, and staffed by over 400 volunteer contributors,
 including many of the original Unix creators and eminent technology
 historians. The information gathered will be given back to the community and
 utilized by OSRM in assessing client code risk.
     OSRM's services are based on sophisticated code-scanning technology and a
 set of best practice protocols for Open Source risk assessment and mitigation.
 Using this technology, OSRM conducts intensive risk assessments of its
 clients' code, based in part on OSRM's own proprietary VSearch(TM) risk
 assessment algorithms.  The best practice protocols used to help clients
 design risk mitigation strategies were created with input from intellectual
 property legal experts, and Fortune 500 Linux users involved in the OSRM
 Working Group, a confidential forum to discuss best practices for using Open
 Source, build strategies to address risk, and share information about the
 indemnification offerings.
     "Open Source indemnification is clearly an issue people are concerned
 about, and a solution people are excited about -- in my 12 years of experience
 I have never seen greater interest and pent up demand for a brand new
 offering," said Daniel Egger, chairman and founder of Open Source Risk
 Management.  "After meeting with numerous Open Source leaders, Fortune 500
 CIOs, and intellectual property lawyers, it's clear there is a void in the
 market and a need for the unique services OSRM will provide."
     About Open Source Risk Management
     Supported by top open source leaders and intellectual property legal
 experts, Open Source Risk Management (OSRM) is the industry's only vendor-
 neutral provider of open source risk assessment and mitigation services.
 Using sophisticated code-scanning and copyright-infringement detection
 technologies, OSRM helps organizations assess their potential risk and then
 designs risk mitigation solutions based on a set of best practice protocols.
 OSRM offers best practices training and consulting services, and will offer
 comprehensive vendor-neutral insurance solutions.
      For more information, please visit
      Linux is a trademark of Linus Torvalds, and Unix of the Open Group.
      Karen Duffin
      Bite Communications
     This release was issued through eReleases(TM).  For more information,

SOURCE Open Source Risk Management