While risk sensitivity is certainly understandable in this economic climate, there are reasonable means to evaluate the level of risk posed by SCO's allegations and to pursue the Linux path without undue risk. For example, there are several firms (including Olliance Group, with which I am affiliated) that can review the source code and licensing agreements in order to help organizations understand the extent of any risk associated with open source code and Linux. In addition, your organization can separate itself from this potential risk by making inquiry to your software provider regarding the sources of its code and requesting that your software/service provider insulate you from exposure to a claim by SCO.
In response to your specific question about Red Hat Linux, I believe that Red Hat has stated publicly that it has complied with all licensing agreements to which it is a party.
Finally, there may be insurance (either in an existing policy or in additional coverage available from your insurer) to cover the risk of loss associated with the use of Unix-based software to which SCO claims ownership.
In my view, it is by no means clear that SCO possesses the licensing and enforcement rights it claims to own. Your company should recognize that IBM has firmly denied the allegations filed by SCO and presumably stands behind that position with its customers. Other software providers, including Novell, have also publicly denied SCO's claims in writing. Moreover, the strategy pursued by SCO appears calculated to create fear and uncertainty over a prolonged period of time sufficient to convince users that it is easier to either pay the licensing fees to SCO or withdraw from the Linux market than it is to worry about the outcome of the litigation. In this context, if SCO had the requisite evidence to substantiate its claims concerning IBM's AIX license, it would have asked the federal court in Utah for an immediate injunction to prevent IBM from distributing AIX. It did not, intentionally leaving the claim dangling during the next phase of the litigation, which will take months or years to complete.
There are reasonable and cost-effective ways to take advantage of Linux and open source while protecting your enterprise against the possibility that SCO is right. Avoiding Linux until the dust settles seems prudent only if the cost of compliance with SCO's asserted rights outweighs the economic benefit of Linux and open source.
I hope that this is helpful.
This was first published in June 2003