Be prepared. It’s always good idea, especially when it comes to reducing risk and the potential risk associated with intellectual property embodied software that your organization is using.

So what’s the issue? How likely are you to be sued for intellectual property infringement based on software that you’ve downloaded, used, or deployed? As we discussed in the last column, software property rights are typically made up of four things: copyrights, patents, trademarks, and trade secrets. Organizations that infringe on any of those (or are merely suspected of infringing on any of them) can be the target of a lawsuit, the implications of which can range from wasting boatloads of time, money, and corporate resources in defense of such a lawsuit to paying damages to having to remove the offending software (and thus find a suitable replacement without disrupting your business).

On one side is Microsoft, with a revised software license program that covers all four of these software intellectual property issues for almost all the software that Microsoft sells (with the exception of some embedded software). The updated licensing that Microsoft introduced last year covers basically customers—with no cap—for lawsuits arising from intellectual property (IP) infringement cases. It’s some of the best—if not the best—coverage for IP infringement offered in the software industry.

On the other side are Open Source advocates and other software vendors (including large ones like IBM) that provide little, if any, coverage for IP infringement. The rational from this side seems to be that in reality, extremely few companies will truly every face a legal action based on IP infringement and that such coverage or indemnification is, if not meaningless, at least unwarranted. Of course, IBM’s stance is wrapped up in its defense against SCO’s IP-related Linux lawsuit.

From the risk protection perspective, it matters little if an organization is using software they purchased from a software vendor or not when it comes to these types of lawsuits—anyone can be sued (although not necessarily successfully) if infringement (or other legal transgressions) can be claimed. Traditional software vendors protect against this by conscientiously managing the IP that goes into any software product—protecting patents, managing copyrights, and making sure to do due diligence when incorporating outside software or IP into a software product.

Unfortunately, open source software and even open source products from commercial vendors complicates the issue. Even with well-managed open source distributions, organizations can not be absolutely sure of that all the IP and work that has gone into them as not stolen or infringed on existing software, patents, copyrights, etc. Essentially, when you’re buying or using Linux or some other open source project, you’re using it “as is” and assuming the complete risks and responsibilities for defending yourself if the software is found to be infringing.