SCO claims that some versions of Linux contain SCO's proprietary Unix code. In March it launched a £620m lawsuit against IBM, accusing the company of contributing the disputed code to the Linux open source system.
In August SCO launched a licence scheme for users of the disputed code and threatened legal action against those who did not take out licences.
Although suppliers including Hewlett-Packard have promised to indemnify customers using open source software from SCO's claim, others, most notably IBM, have refused.
IBM said it continued to support Linux but added that providing indemnity to customers might inhibit the use of open source and restrict the freedom of customers to modify code.
In a paper on the subject, Giga Research, a subsidiary of Forrester Research, said although suppliers might offer firms indemnity for specific open source products, not all are disclosing the full extent of open source technology used in IT systems.
"Based on limited client feedback, it appears suppliers do notalways disclose which open source products are embedded in given solutions. IT has the expertise to ensure that this disclosure takes place," it said.
Giga stressed that IT departments have an important role to play in explaining the complexities of open source development and software licensing to legal and procurement departments when assessing the risk of legal action from SCO.
It also called for suppliers to address the concerns of their Linux users about the threat of legal action.
"Suppliers must find ways to assure their customers that in exchange for software or services fees, open source content is not a ticking financial time bomb," it said.