"What helps is that we're a mainframe shop, and when IBM comes in and says open-source is good, it's like the pope blessing it," says John Welch, open systems administrator at Kansas City Life Insurance Co. in Missouri.

But that blessing is not a dispensation from the risks involved, says Daniel Egger, CEO of Open Source Risk Management Inc. in New York. "Forces that are hostile to open-source have exaggerated the risk," says Egger. "But it would be false to say the risk is zero."

He says that in some cases, if you're caught distributing open-source code that you've modified or combined with your own, the license can compel you to release all of your related code into the public domain. After Cisco Systems Inc. bought Linksys, it discovered that Linksys had violated the GPL, and it had to unveil what it had hoped would be proprietary code as open-source software.

Egger's firm works with third-party insurers to offer up to $10 million in risk insurance in case your company botches an open-source license restriction. But it will also protect you against a SCO-like attack on open-source. SCO, he points out, has been clumsily trying to sue end users of the Linux operating system for alleged copyright violations. But so far, the company has failed in all of its legal maneuvers.