Open Source Security hit with bill for defamation claim

Judge okays $260K in defense costs to Bruce Perens and lawyers under anti-SLAPP

By Thomas Claburn in San Francisco


Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim.

The security biz, and its president Brad Spengler, sued Perens last year over a blog post, alleging defamation.

Perens, one of the early leaders in the open source movement, said it was his opinion that Grsecurity's policy limiting the redistribution of its software would expose customers to claims of contributory infringement and breach of contract under the terms of the GPLv2.

Open Source Security and Spengler challenged that claim, saying it was libelous and harmed the company's business.

Last December, San Francisco magistrate judge Laurel Beeler disagreed, ruling that Perens's statement was an opinion and not libelous.

In January, Open Source Security appealed the decision to the US Ninth Circuit Court of Appeals.

A month later, Perens and his legal team from O’Melveny and Myers LLP sued to recover legal defense costs – $526,893.50 – under California's Anti-SLAPP statute, a law enacted in 1992 to deter unfounded lawsuits that aim to suppress speech through the imposition of a costly court battle.

This amount, revised from previous filings, is based on 904 hours of work by five attorneys, a case manager and a project assistant.

Linux kernel hardeners Grsecurity sue open source's Bruce Perens


The defense team also asked for a 1.5x cost multiplier, based on an agreement between Perens and his attorneys that they would forego certain fees as part of a risk-sharing arrangement. Open Source Security challenged the amount sought as excessive and over the weekend the judge agreed.

"These fees are unreasonable," judge Beeler said in her ruling. "The court awards $259,900.50 in fees (for 446.20 hours) and $2,403.12 in costs."

But she denied the plaintiff's effort to delay the fee award until the appeal is resolved. So that bill is now due.

"Unfortunately, this is a setback for us," said Rohit Chhabra, founder of the Chhabra Law Firm and the attorney representing Open Source Security, in an email to The Register. "Nonetheless, we are confident Open Source Security will ultimately persist."

The security software biz may persist but the Electronic Frontier Foundation hopes to prevent the firm from prevailing. On May 24, two attorneys from the cyber rights advocacy group – Jamie Williams and Aaron Mackey – joined the appeal to represent Perens.

Reached by phone, Mackey declined to comment beyond acknowledging that the EFF intends to represent Perens before the Ninth Circuit. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'

Red Hat Enterprise and CentOS users at risk

Love Microsoft Teams? Love Linux? Then you won't love this

Updated Learn to love the browser instead

Linux 4.19 lets you declare your trust in AMD, IBM and Intel

Wave the CPU trust flag if you're feeling safe enough

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

Hole opens up remote-code execution to miscreants – or a crash, if you're lucky

SUSE and Microsoft give enterprise Linux an Azure tune-up

Veteran penguin botherer feels the need. For speed

Amazon adds cloudy Linux desktops to encourage developers to code for EC2

Running Amazon Linux 2, which just scored long-term support

App-y, app-y, joy, joy: Pain-free software installer Flatpak (kinda) works on Windows Subsystem for Linux

'This is just a bit of fun to see if it can work' says dev

make all relocate... Linux kernel dev summit shifts to Scotland – to fit Torvald's holiday plans

Edinburgh's in Canada, right? No? Oh … umm … sorry?

Arm cozies up to Intel for second time in a week – this time to borrow tools from Yocto Project for Mbed Linux

Aww, ain't that sweet

Penguins in a sandbox: Google nudges Linux apps toward Chrome OS

While keeping things safe