Open Source Security hit with bill for defamation claim

Judge okays $260K in defense costs to Bruce Perens and lawyers under anti-SLAPP

By Thomas Claburn in San Francisco


Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim.

The security biz, and its president Brad Spengler, sued Perens last year over a blog post, alleging defamation.

Perens, one of the early leaders in the open source movement, said it was his opinion that Grsecurity's policy limiting the redistribution of its software would expose customers to claims of contributory infringement and breach of contract under the terms of the GPLv2.

Open Source Security and Spengler challenged that claim, saying it was libelous and harmed the company's business.

Last December, San Francisco magistrate judge Laurel Beeler disagreed, ruling that Perens's statement was an opinion and not libelous.

In January, Open Source Security appealed the decision to the US Ninth Circuit Court of Appeals.

A month later, Perens and his legal team from O’Melveny and Myers LLP sued to recover legal defense costs – $526,893.50 – under California's Anti-SLAPP statute, a law enacted in 1992 to deter unfounded lawsuits that aim to suppress speech through the imposition of a costly court battle.

This amount, revised from previous filings, is based on 904 hours of work by five attorneys, a case manager and a project assistant.

The defense team also asked for a 1.5x cost multiplier, based on an agreement between Perens and his attorneys that they would forgo certain fees as part of a risk-sharing arrangement. Open Source Security challenged the amount sought as excessive, and over the weekend the judge agreed.

"These fees are unreasonable," judge Beeler said in her ruling. "The court awards $259,900.50 in fees (for 446.20 hours) and $2,403.12 in costs."

But she denied the plaintiff's effort to delay the fee award until the appeal is resolved. So that bill is now due.

"Unfortunately, this is a setback for us," said Rohit Chhabra, founder of the Chhabra Law Firm and the attorney representing Open Source Security, in an email to The Register. "Nonetheless, we are confident Open Source Security will ultimately persist."

The security software biz may persist but the Electronic Frontier Foundation hopes to prevent the firm from prevailing. On May 24, two attorneys from the cyber rights advocacy group – Jamie Williams and Aaron Mackey – joined the appeal to represent Perens.

Reached by phone, Mackey declined to comment beyond acknowledging that the EFF intends to represent Perens before the Ninth Circuit. ®
