Dana asks whether open source indemnification still matters, since OpenLogic just announced that they would indemnify customers for some 160 OSS products.

When we were coming out with WAS CE, this is something we discussed with customers and partners. The typical answer was, “yeah, we’d like to get indemnification, but I wouldn’t pay extra for it, and hey, if someone wants to sue, I’m sure they’ll go after the deep pockets of IBM instead of me”.

At the time JBoss used to make a big deal about Indemnification being included with their Gold & Platinum levels of support. Customers could get unlimited funds for legal defense and towards code repair or replacement from JBoss. Customers could also be eligible for damages up to 4x the value of their support contract with JBoss. Here is the JBoss support datasheet that I’m using as reference. See pg 3 under Risk Mitigation. Notice that the datasheet is copyrighted in 2005. Also, see this posting by Bob Bickel about JBoss touting indemnification for customers.

Now, if you look at the new datasheet (and a link to the JBoss support datasheet that was live as of Oct. 19, 2006), which was “revised 08.06”, after the Red Hat acquisition, you’ll notice that the Risk Mitigation section of the datasheet is absent. This could mean that:

  • (a) Risk mitigation/indemnification is no longer offered
  • (b) Indemnification is offered for an additional fee if requested
  • (c) Indemnification is offered, but customers don’t consider it to be a make/break feature of the support offering, and so, it’s not listed on the datasheet

My guess is that it’s (a), as a result of (c). Namely, customers aren’t willing to pay extra for it. So, Red Hat/JBoss may have decided not to market it and take on additional legal risk without the additional revenue to make it worthwhile. But maybe customers just assume that the vendor will step in should legal action be taken against the customer? So, in the end it’s a wash, because it would look really bad for Red Hat or any vendor to hang their customers out to dry if legal action against a customer resulted from using a Red Hat/vendor supplied OSS product. But that’s just my guess, and I’m not a lawyer.

In any case, I think the fact that risk mitigation/indemnification is no longer being touted as a feature indicates that it’s no longer a decision making feature of a support offering. So, yeah, Dana, I agree with your take on indemnification!