Open Source Risk Management (OSRM) has hired Groklaw editor Pamela Jones as Director of Litigation Risk Research. OSRM provides copyright infringement risk analysis through text pattern matching technology, and markets vendor-neutral indemnification insurance to companies — such as embedded Linux device makers — using open source technology.

Jones will help OSRM “identify potential minefields” in open source code through a “New Group” project analyzing the history of Unix and Linux. Jones describes her New Group project, on the Groklaw Website, as “a systematic, comprehensive, and carefully documented history timeline relating to Unix and Linux, based, with his kind permission, on Eric Levenez's Unix History timeline chart, but from the perspective of tracing the code by copyright, patents, trade secret, and trademark.”

Jones will also assist OSRM with “more proprietary” projects, according to OSRM founder Daniel Egger.

Jones will continue to manage the non-commercial Groklaw.net web site, which is editorially independent from her research work for OSRM.

OSRM — vendor-neutral indemnification

Egger founded OSRM in summer of 2003, through his venture capital firm Eno River, in which he is a partner. A patent holder in the area of text search and pattern recognition, Egger previously founded Libertec, which focuses on text retrieval from large research databases, and Bloodhound, a company providing medical record analysis to help the medical insurance industry detect and combat fraud.

Egger says that OSRM's fuzzy search algorithms give the company “a very good ability to detect obfuscated matches, where comments or function names have been changed,” but the underlying code is the same.

The typical OSRM customer would be a company performing due diligence on open source technology, and wishing to go beyond a simple search for copyright headers. “If you have a proprietary product, we can scan to make sure nothing GPL gets in,” says Egger.

Embedded angle

Egger notes that while some large companies, including HP, Novell, Red Hat, and the OSDL have offered indemnification programs, they usually preclude substantial code modifications, ruling out device designers and other embedded developers almost by default. “Embedded is a major area of focus for us,” Egger adds.

Background on OSRM

Egger says he founded OSRM with two goals. The first was to create a collective institution to respond to legal threats against the open source community in the way an owner would respond. “Other industries have faced similar liability challenges, and have generally addressed them with an insurance structure,” according to Egger. “Small to medium companies participate in a pool, delegating a single company to handle legal issues. That one company in turn becomes expert.”

Another goal for OSRM, according to Egger, was to preserve the freedom to modify open source code and leverage it to lower total cost of ownership.

“The SCO lawsuit [more about that here –ed] may prove to be frivolous, but it pointed out a fundamental vulnerability in the open source development model. No one company stands behind it, and there's no one group with the financial incentive to defend it. We wanted to create a collective institution that could respond [to legal threats] in the way an owner would respond.”

Early customers a secretive group

Egger reports that OSRM already has several companies representing the large financial institution and large Internet site sectors. So far, though, “every customer has been emphatic about confidentiality.”

For more details, refer to the OSRM Website.

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.