[OWASP-LEADERS] Sanctums Patent

Dawes, Rogan (ZA - Johannesburg) rdawes at deloitte.co.za
Mon Dec 1 01:23:48 EST 2003

I guess the first question is: 

Does Sanctum's US patent affect other countries?

At this point, 99.99% of WebScarab's development is occurring either in South
Africa, and soon to be Czech Republic. Do I have to care about this?

Realising that OWASP is largely based in the US, it may be necessary for
OWASP to "disown" WebScarab as a project under the banner, but there may be
nothing to stop the development and distribution of WebScarab from going
ahead regardless.

Do we have any international patent lawyers on this list? ;-)


> -----Original Message-----
> From: Mark Curphey [mailto:mark at curphey.com] 
> Sent: 01 December 2003 03:00 AM
> To: owasp-leaders at lists.sourceforge.net
> Subject: [OWASP-LEADERS] Sanctums Patent
> Team,
> I have been hearing rumors that Sanctum are starting to issue writs for
> patent infringement. Whilst I personally think it's farcical that anyone can
> get such a patent, the facts are it's been issued and they are pursuing
> people. The question for us is how is WebScarab's future affected by this
> patent? There are also a lot of questions about OASIS WAS that we need to
> deal with but that's a separate issue. What do we do?
> United States Patent No. 6,584,569 to Reshef et al. and assigned to Sanctum
> Ltd. ("The Sanctum Patent") discloses a scanner for automatically detecting
> potential application-level vulnerabilities or security flaws in a web
> application. The independent claims of the Sanctum patent generally relate
> to a scanner that (1) traverses a web application in order to discover and
> actuate the links therein, (2) analyzes messages that flow or would flow
> between an authorized client and a web server in order to discover elements
> of the web application's interface with external clients and attributes of
> these elements (such as links, fill-in forms, fields, fixed fields, hidden
> fields, menu options, etc.), (3) generates unauthorized client requests in
> which these elements are mutated, sends the mutated client requests to the
> web server, receives server responses to the unauthorized client requests,
> and (4) evaluates the results thereof.