With each announcement, Microsoft, in effect, strengthens the likelihood that it will take formal legal action, because if it does not and allows these patents to continue to be violated, it may forever lose its ability to enforce them. It has been cross-licensing up a storm but should eventually shift to enforcement.
So how concerned should you be?
Who's in the Clear?
Well, if you are an HP or Novell Linux customer, you appear to be in the clear, because both are protected (HP potentially doubly so) from any hostile action by Microsoft. Both of these companies have gone to extreme lengths to ensure their customers are not impacted by this, and that probably should be taken into account when you are dealing with either firm. (I'm thinking a big "Thank You" is in order.)
This indemnification isn't limitless, but even if some of your Linux isn't directly protected by either of these companies, the fact that one and/or the other is providing the solution should lower the probability significantly that you will be taken to task publicly by Microsoft.
I would also argue that any company that uses a Microsoft Enterprise Agreement broadly would be unlikely to be a target if only because it makes little sense to target one of your most loyal customers first with any action like this. For anyone else, a license audit could be a trigger event.
Will Microsoft File Against Corporations?
This is tough to call, but Microsoft says no at this time. I've covered Microsoft for several decades now and it has not shown a tendency to want to go after IT shops, and there is a lot of risk associated with doing so broadly, as SCO has demonstrated. It could actually trigger a pull back from its solutions in response to this, and the revenue risk is significant.
On the other hand, the firm isn't really known for bluffing either, which suggests it will likely use other methods to convince line management to license. Typically, if Microsoft indicates it will do something, eventually it tries to do it. The key word here is "try," as it doesn't mean they will be successful and litigation hasn't been a slam dunk for them of late, in any case.
My take is Microsoft will put litigation off as long as it can, but is on a path where I don't think it can avoid litigation forever if it wants to actually protect its patents. But such action is likely still some time off, and it will come with substantially more warning, both globally and individually, before Microsoft pulls the trigger.
In short, Microsoft is clearly already applying pressure, but litigation against IT is likely years off, if it ever comes.
Who Is Likely to Go First?
The common strategy is to pick someone to take to court first that you are most likely to win against. Ideally, you want a venue where the laws work in your favor, and you want to deliver a message both in the filing and the coverage that surrounds it that motivates those that are also violating your patents to either stop using the infringing code or license.
The likely initial targets would seem to be the Linux Foundation as a proxy for Linux, IBM as the largest non-licensed supplier (and contributor) to Linux, and Red Hat as the most powerful branded Linux distribution owner. Linspire would likely be even easier, but I doubt slam-dunking them would do much other than showcase the extreme disparity between the two companies, though Microsoft might be able to get much of its name settlement back (which honestly could be a legitimate consideration).
There is a lot of bad blood between IBM and Microsoft right now, and the PC Company, which mitigated this, is gone. This is probably the vector Microsoft would most like, but IBM and Microsoft are cross-licensed and IBM has done well in the SCO action, both of which make taking it on more risky. In addition, IBM has massive resources that, while no longer Microsoft's equal, are still a force to be reckoned with. If Microsoft lost, it would be against one of the strongest firms in the segment so it wouldn't be dead in the water, and if it won, the penalties could be legendary. However, this would be an incredibly difficult case to win given that IBM is now the most expert at defending against this charge and has a massive patent portfolio defense itself.
The Linux Foundation is on the other side of the equation and likely couldn't stand up to an attack like this alone, but is preparing counterclaims anyway. However, going after the foundation could ferment a broad war and if Microsoft wasn't careful it could become a much stronger rally point than it is already for an anti-Microsoft agenda.
It isn't clear how much of the related liability can pass through to the Linux Foundation and, if Microsoft lost, the downside would be worse than any of the other choices. If it won, the foundation has no appreciable financial resources to seize and would probably bankrupt and re-emerge as a new entity. In short, Microsoft's chance of winning is the best, but the end result could actually be more bad than good, and it might never actually be able to collect what it won.
Like the Three Little Bears, Red Hat may be just right. This company is the poster child for Linux to the real world, its weakness would be Novell's strength, and Microsoft is now closely partnered with Novell. Just filing against Red Hat broadly would likely do really good things for Novell's top and bottom lines. Red Hat isn't the pushover the Linux Foundation likely is, but it doesn't have IBM's resources, cross-licenses or litigation experience either.
Red Hat is very visible and is perceived as a larger company than it actually is. Finally, it isn't very well liked by the OSS purists who will find it hard to come to the company's defense, limiting their alliance options and their ability to respond forcefully. This would seem to provide the best balance between risk, cost, visibility and benefit.
What Should You Do?
If you are using Linux and are not adequately indemnified (and given Red Hat's resources and likelihood of being the initial target, I would argue their indemnification may not be adequate), I'd simply make sure your own legal organization is in the loop and that you are following their advice. If something goes south, you can then show you behaved reasonably to protect your company. You may not like what your legal department recommends -- that's often true of attorneys -- but they are there to protect the firm and having them on your side could make the difference between looking competent and looking intentionally negligent.
The most exposed will be those in companies which have policies against OSS products and are intentionally violating these policies. I can think of no better trigger for a software audit by Internal Audit than the visibility of a highly publicized IP legal action. When I was a senior auditor in charge, my recommendation was always termination when intentional policy violations like this were discovered, and I can't recall a time when that recommendation was not followed.
Internal Audit, thanks to Enron, WorldCom and options backdating problems is vastly more powerful now than it was in my day, so cover your butts and either stop using OSS products or change the policy if your company has one.
Though, if I were to actually bet, my sense is you are more likely to get nailed by a disgruntled employee who has gone to a competitor (who then uses this against you in a critical government or large enterprise bid triggering an audit) or simply reports the violation to Internal Audit as his or her way of uniquely saying "thank you" for the wonderful job opportunities.
In any case, it will be increasingly risky to violate corporate policies in the current environment. This latest positioning by Microsoft just makes this type of violation more likely than it was to be caught.
Now on a scale of one to ten, this whole thing dropped a lot in importance whenthis little piece of news (yes there really is a Skynet) hit, a reminder that not only can life imitate art but that being paranoid may increasingly be an advantage and that keeping all of this in perspective remains important.